Database Input Validation

Pascal Lehner tate83 at gmail.com
Wed Jul 8 03:52:42 EDT 2015


Hi Peter

Thanks for the link; your webinar stuff does provide some valuable
information :-)
I saw your work on SQLMagic... is there any ETA?

Best,
Pascal


2015-07-07 18:24 GMT+02:00 Peter Haworth <pete at lcsql.com>:

> Hi Pascal,
> Sounds like I may have misunderstood your original question.
>
> I'm a firm believer in putting data validation functionality into your
> database schema.  There are several SQL DDL features that allow you to do
> that and several advantages to having the database handle it for you
> instead of writing your own code.  A couple of weeks ago, I did a webinar
> as part of the Create It With Livecode program that included information
> about this.  You can get the presentation slides at my web site
> www.lcsql.com on the Free Stuff page.
>
> On Tue, Jul 7, 2015 at 1:20 AM Pascal Lehner <tate83 at gmail.com> wrote:
>
> > Hi Peter and Bob,
> >
> > Thanks for your ideas.
> > I think I found a good way by doing an input check for the user fields on
> > closeField to avoid totally wrong information, and then I will store this
> > Unicode-encoded in the database.
> > This should avoid quite a few problems from the start.
> >
> > Regards,
> > Pascal
> >
> > 2015-07-06 22:49 GMT+02:00 Peter Haworth <pete at lcsql.com>:
> >
> > > Hi Pascal,
> > > I assume you're referring to SQL injection attacks.
> > >
> > > You can avoid them by using the varslist/arrayname parameter of
> > > revDataFromQuery/revQueryDatabase/revExecuteSQL.  See the dictionary for
> > > more details but it involves using placeholders in your SQL statements and
> > > loading the values for those placeholders into separate variables or a
> > > numerically keyed array.
> > >
> > > On Mon, Jul 6, 2015 at 1:20 AM Pascal Lehner <tate83 at gmail.com> wrote:
> > >
> > > > Hi all,
> > > >
> > > > I am working on a desktop app that is running a SQLite database and might
> > > > well end up as an HTML5 server version with MySQL in the not-so-far future.
> > > > For this I want to have some sort of input validation to avoid security and
> > > > XSS incidents.
> > > >
> > > > Does anyone have a library or function to "sanitize" any SQL statement
> > > > before running it against the database? Or how do you do this?
> > > >
> > > > Thanks,
> > > >
> > > > Pascal
> > > > _______________________________________________
> > > > use-livecode mailing list
> > > > use-livecode at lists.runrev.com
> > > > Please visit this url to subscribe, unsubscribe and manage your
> > > > subscription preferences:
> > > > http://lists.runrev.com/mailman/listinfo/use-livecode
> > > >

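The placeholder approach Peter describes, written out as an added LiveCode example (it is not code from the thread or from lcSQL). It assumes a SQLite file in the documents folder and a `users(name, email)` table, both constructed for the example, and shows the string-spliced form beside the bound-parameter form.

```livecode
-- Added example: parameterised SQLite access in LiveCode using the :N
-- placeholders of revExecuteSQL / revDataFromQuery.
-- Assumed (constructed for this example): a table users(name TEXT, email TEXT)
-- stored in example.sqlite in the app's documents folder.

local sDBID

command openUserDatabase
   local tPath
   put specialFolderPath("documents") & "/example.sqlite" into tPath
   put revOpenDatabase("sqlite", tPath, , , , ) into sDBID
   -- revOpenDatabase returns an error string instead of an ID on failure
   if sDBID is not an integer then
      answer "Could not open database: " & sDBID
      exit openUserDatabase
   end if
   revExecuteSQL sDBID, "CREATE TABLE IF NOT EXISTS users (name TEXT, email TEXT)"
end openUserDatabase

-- Risky form: the user's text is spliced into the SQL text, so a quote
-- character in the input changes the structure of the statement itself.
command addUserUnsafe pName, pEmail
   revExecuteSQL sDBID, "INSERT INTO users (name, email) VALUES ('" & \
         pName & "', '" & pEmail & "')"
end addUserUnsafe

-- Safe form: :1 and :2 are placeholders bound to the named variables.
-- The driver passes their contents as data, never as SQL, so quotes or
-- semicolons in the input are stored literally instead of being executed.
command addUser pName, pEmail
   local tName, tEmail
   put pName into tName
   put pEmail into tEmail
   revExecuteSQL sDBID, "INSERT INTO users (name, email) VALUES (:1, :2)", \
         "tName", "tEmail"
end addUser

-- The same binding with a numerically keyed array instead of a variable list:
-- :1 is replaced by tParams[1].
function findUsersByName pName
   local tParams
   put pName into tParams[1]
   return revDataFromQuery(tab, return, sDBID, \
         "SELECT name, email FROM users WHERE name = :1", "tParams")
end findUsersByName
```

A closeField check still earns its place for data quality, but it is the placeholder binding, not the check, that keeps input from being interpreted as SQL. Placeholders do nothing for the XSS case mentioned in the thread; that is handled when the stored text is later rendered as HTML, not when it is written to the database.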

