Hi Pascal, I assume you're referring to SQL injection attacks. You can avoid them by using the varsList/arrayName parameter of revDataFromQuery/revQueryDatabase/revExecuteSQL. See the dictionary for more details, but it involves using placeholders in your SQL statements and loading the values for those placeholders into separate variables or a numerically keyed array.
On Mon, Jul 6, 2015 at 1:20 AM Pascal Lehner <tat...@gmail.com> wrote:

> Hi all,
>
> I am working on a desktop app that is running a SQLite database and might
> well end up as a HTML5 server version with MySQL in the not-so-far future.
> For this I want to have some sort of input validation to avoid security and
> XSS incidents.
>
> Does anyone have a library or function to "sanitize" any sql statement
> before running it against the database? Or how do you do this?
>
> Thanks,
>
> Pascal

_______________________________________________
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
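The placeholder technique described in the reply above, written out as an added LiveCode example (this is not code from either poster or from the LiveCode dictionary). It assumes a SQLite file named app.sqlite in the stack's resources folder and a table users(id, name, email); the string-concatenation version is shown only so the difference with the bound-parameter version is visible.

```livecode
-- Added example: bound placeholders with revDataFromQuery / revExecuteSQL
-- instead of building SQL text out of user input.
-- Assumed: SQLite file "app.sqlite" in the resources folder, and a table
--   users(id INTEGER PRIMARY KEY, name TEXT, email TEXT)

local sDatabaseID

command openAppDatabase
   local tPath
   -- assumed location of the database file
   put specialFolderPath("resources") & "/app.sqlite" into tPath
   put revOpenDatabase("sqlite", tPath, , , , ) into sDatabaseID
   if sDatabaseID is not a number then
      answer "Could not open database: " & sDatabaseID
   end if
end openAppDatabase

-- UNSAFE: the value typed by the user is spliced into the statement text,
-- so any quote or SQL syntax inside it becomes part of the query.
function findUserUnsafe pName
   local tSQL
   put "SELECT id, name, email FROM users WHERE name = '" & pName & "'" into tSQL
   return revDataFromQuery(tab, return, sDatabaseID, tSQL)
end findUserUnsafe

-- SAFE: the statement contains only the placeholder :1. The varsList
-- ("pName") names the variable holding the value; the database driver
-- binds it as data, so it can never be parsed as SQL.
function findUser pName
   local tSQL
   put "SELECT id, name, email FROM users WHERE name = :1" into tSQL
   return revDataFromQuery(tab, return, sDatabaseID, tSQL, "pName")
end findUser

-- Same technique with the arrayName form: :1 and :2 refer to the
-- numerically keyed elements of tValues.
command addUser pName, pEmail
   local tSQL, tValues
   put pName into tValues[1]
   put pEmail into tValues[2]
   put "INSERT INTO users (name, email) VALUES (:1, :2)" into tSQL
   revExecuteSQL sDatabaseID, tSQL, "tValues"
   -- revExecuteSQL puts the affected row count, or an error string, in the result
   if the result is not a number then
      answer "Insert failed: " & the result
   end if
end addUser
```

Binding covers the SQL injection side of Pascal's question for both SQLite and MySQL, since the same placeholder syntax is used for every revDB driver. It does nothing for the XSS concern he also mentions; that is a matter of escaping values when they are written into HTML output, and is independent of how they were stored.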