Sorry, try/catch is not a loop. :-)

Bob S


> On Jul 6, 2015, at 13:12 , Bob Sneidar <bobsnei...@iotecdigital.com> wrote:
> 
> One way I used in the past was to get the schema of the table, and for each 
> column I would be updating I would check type, length, limits etc. to make 
> sure my data fell within the constraints of the column. Another way involves 
> using the error messages SQL sends back when a query fails to determine what 
> went wrong, and then alert the end user about what they need to do to fix it. 
> To do this, you would put your insert/updates into try/catch loops and in the 
> catch section call some command you write passing it the first parameter from 
> the catch section. i.e.
> 
> try
>  <some sql here>
> catch theError
>  processSQLError theError
> end try
> 
> Bob S
> 
> 
>> On Jul 6, 2015, at 01:19 , Pascal Lehner <tat...@gmail.com> wrote:
>> 
>> Hi all,
>> 
>> I am working on a desktop app that is running a SQLite database and might
>> well end up as an HTML5 server version with MySQL in the not-so-far future.
>> For this I want to have some sort of input validation to avoid security and
>> XSS incidents.
>> 
>> Does anyone have a library or function to "sanitize" any SQL statement
>> before running it against the database? Or how do you do this?
>> 
>> Thanks,
>> 
>> Pascal
>> _______________________________________________
>> use-livecode mailing list
>> use-livecode@lists.runrev.com
>> Please visit this url to subscribe, unsubscribe and manage your subscription 
>> preferences:
>> http://lists.runrev.com/mailman/listinfo/use-livecode
> 
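
Added example, not part of the thread and not any poster's code: a LiveCode sketch of the schema check described in the quoted reply (column type, length and required-ness read from SQLite's `PRAGMA table_info`), followed by an insert that binds the values as parameters and reports the database's error text to the user. The handler names `schemaProblems` and `addCustomer` and the `customers` table with `name` and `age` columns are hypothetical; `pConnID` is assumed to come from `revOpenDatabase`.

```livecode
-- Added example. Handler names and the customers table are hypothetical.
-- Returns empty when every value fits its column, else one problem per line.
function schemaProblems pConnID, pTable, pValuesA
   local tSchema, tRow, tName, tType, tMax, tValue, tProblems
   -- A table name cannot be a bound parameter, so accept plain identifiers only.
   if not matchText(pTable, "^[A-Za-z_][A-Za-z0-9_]*$") then return "bad table name"
   -- SQLite returns one row per column: cid, name, type, notnull, dflt_value, pk
   put revDataFromQuery(tab, return, pConnID, "PRAGMA table_info(" & pTable & ")") into tSchema
   if tSchema begins with "revdberr" then return tSchema
   set the itemDelimiter to tab
   repeat for each line tRow in tSchema
      put item 2 of tRow into tName
      put toUpper(item 3 of tRow) into tType
      put pValuesA[tName] into tValue
      if tValue is empty then
         if item 4 of tRow is 1 then put tName && "is required" & return after tProblems
         next repeat
      end if
      if tType contains "INT" and tValue is not an integer then
         put tName && "must be a whole number" & return after tProblems
      end if
      -- Declared length such as VARCHAR(40); SQLite itself does not enforce it.
      if matchText(tType, "CHAR\(([0-9]+)\)", tMax) and length(tValue) > tMax then
         put tName && "is longer than" && tMax && "characters" & return after tProblems
      end if
   end repeat
   return tProblems
end schemaProblems

command addCustomer pConnID, pName, pAge
   local tValuesA, tProblems, tName, tAge
   put pName into tName
   put pAge into tAge
   put tName into tValuesA["name"]
   put tAge into tValuesA["age"]
   put schemaProblems(pConnID, "customers", tValuesA) into tProblems
   if tProblems is not empty then
      answer tProblems
      exit addCustomer
   end if
   -- :1 and :2 are bound to the named variables, so user input is passed
   -- as data and never becomes part of the SQL text.
   revExecuteSQL pConnID, "INSERT INTO customers (name, age) VALUES (:1, :2)", "tName", "tAge"
   if the result is not an integer then answer "Insert failed:" && the result
end addCustomer
```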

