Storing and retrieving data from a SQL database

Mike Kerner MikeKerner at roadrunner.com
Thu May 19 10:41:38 EDT 2016


Remember the conversations about handling CSV?  All I will tell you from
escaping data for SQL is...good luck.  I accidentally discovered SQL
injection (as did everyone else, I'm sure) 30 years ago when C/S was just
getting legs.  Since then, we have yet to come up with an escaping scheme
that doesn't break down, eventually.  In simple or special cases, you will
be able to make it work, but understand going in that someone is going to
break it for you.  When they do, hopefully they don't
accidentally/intentionally break the rest of your system.  When possible,
use parameterized queries, instead.

On Thu, May 19, 2016 at 10:29 AM, Bob Sneidar <bobsneidar at iotecdigital.com>
wrote:

> sqlYoga escapes their data. You may want to download it. The source is
> free now (correct me if I am wrong), compliments to Trevor DeVore. I bet
> you could get his escaping code from that.
>
> Bob S
>
>
> On May 18, 2016, at 17:16, Paul Dupuis <paul at researchware.com> wrote:
>
> Does anyone have some really good (comprehensive) routines to escape and
> unescape text data for storing in a SQL database (like SQLite or MySQL)?
>
> basics like:
> replace cr with "\n" in pText -- replace any cr with "\n" for new line
> replace tab with "\t" in pText -- replace tabs with "\t"
> replace "'" with "\'" in pText -- replace single quotes with an escaped
> single quote
> replace quote with "\" & quote in pText -- replace double quote with
> escaped double quote
>
>
> but I expect I am missing some characters that SQL manuals say should be
> escaped. What about slash itself? And do you unescape them in the same
> order you escape them or reverse order, or does the order matter?
>
> I could Google the manuals, write some code, test it and revise until
> I've found all the characters and got the order to escape and unescape
> down correctly, but I figure someone else may have already done this
> comprehensively and be willing to share their code?
>
> _______________________________________________
> use-livecode mailing list
> use-livecode at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your
> subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode
>



-- 
On the first day, God created the heavens and the Earth
On the second day, God created the oceans.
On the third day, God put the animals on hold for a few hours,
   and did a little diving.
And God said, "This is good."
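The advice in the reply above, worked through as an added example (this is not code from the thread; Python's sqlite3 module stands in for the LiveCode database library). It shows that the replace-based scheme from the question round-trips ordinary text but silently corrupts a literal backslash-n, that concatenating its output into a SQLite statement fails on a single quote because SQLite does not treat backslash as an escape, and that a parameterized INSERT stores every value unchanged:

```python
import sqlite3


def naive_escape(text):
    # The replace-based scheme from the question: cr -> \n, tab -> \t, ' -> \', " -> \"
    return (text.replace("\n", "\\n").replace("\t", "\\t")
                .replace("'", "\\'").replace('"', '\\"'))


def naive_unescape(text):
    # Reverse order of naive_escape
    return (text.replace('\\"', '"').replace("\\'", "'")
                .replace("\\t", "\t").replace("\\n", "\n"))


def roundtrip_naive(value):
    """Escape then unescape; lossy whenever the input itself contains a backslash."""
    return naive_unescape(naive_escape(value))


def concat_insert_fails(value):
    """Build the INSERT by string concatenation with the backslash-quote scheme.

    SQLite does not treat backslash as an escape, so a value containing a single
    quote ends the literal early and the statement is rejected as a syntax error.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE notes (body TEXT)")
    try:
        conn.execute("INSERT INTO notes (body) VALUES ('" + naive_escape(value) + "')")
    except sqlite3.Error:
        return True
    finally:
        conn.close()
    return False


def store_and_fetch(value):
    """Parameterized INSERT: the driver passes the value separately from the SQL,
    so no escaping is needed and the text comes back byte-for-byte identical."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT)")
    conn.execute("INSERT INTO notes (body) VALUES (?)", (value,))
    row = conn.execute("SELECT body FROM notes").fetchone()
    conn.close()
    return row[0]
```

A literal backslash followed by `n` in the input (`a\nb`, two characters) is indistinguishable from an escaped newline after the round trip, which is the "what about slash itself?" problem from the question; the parameterized path has no such ambiguity.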


