Hi Peter and Bob,

Thanks for your ideas. I think I found a good way by doing an input check for the user fields on closeField to avoid totally wrong information and then I will store this Unicode-encoded in the database. This should avoid quite a few problems from the start.

Regards,
Pascal

2015-07-06 22:49 GMT+02:00 Peter Haworth <p...@lcsql.com>:

> Hi Pascal,
> I assume you're referring to SQL injection attacks.
>
> You can avoid them by using the varslist/arrayname parameter of
> revDataFromQuery/revQueryDatabase/revExecuteSQL. See the dictionary for
> more details but it involves using placeholders in your SQL statements and
> loading the values for those placeholders into separate variables or a
> numerically keyed array.
>
> On Mon, Jul 6, 2015 at 1:20 AM Pascal Lehner <tat...@gmail.com> wrote:
>
> > Hi all,
> >
> > I am working on a desktop app that is running a SQLite database and might
> > well end up as an HTML5 server version with MySQL in the not-so-far future.
> > For this I want to have some sort of input validation to avoid security and
> > XSS incidents.
> >
> > Does anyone have a library or function to "sanitize" any sql statement
> > before running it against the database? Or how do you do this?
> >
> > Thanks,
> >
> > Pascal
> > _______________________________________________
> > use-livecode mailing list
> > use-livecode@lists.runrev.com
> > Please visit this url to subscribe, unsubscribe and manage your
> > subscription preferences:
> > http://lists.runrev.com/mailman/listinfo/use-livecode
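
The placeholder approach Peter describes, as an added LiveCode example that is not code from anyone in this thread. The handler name, database file name, `users` table, its columns and the sample values are all assumptions made for illustration.

```livecode
-- Added example: binding user input through the varslist/arrayname
-- parameter instead of building it into the SQL text.
-- Handler, file, table and column names are hypothetical.
on demoPlaceholders
   local tConn, tSQL, tName, tEmail, tArgs, tRows

   put revOpenDatabase("sqlite", specialFolderPath("temporary") & "/placeholder_demo.sqlite") into tConn
   if tConn is not an integer then
      answer "Open failed:" && tConn
      exit demoPlaceholders
   end if

   revExecuteSQL tConn, "CREATE TABLE IF NOT EXISTS users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)"

   -- Constructed sample input. The apostrophe is enough to break a
   -- statement assembled by concatenation, because it ends the quoted
   -- SQL string early and the rest is parsed as SQL:
   --    "INSERT INTO users (name) VALUES ('" & tName & "')"
   put "O'Brien" into tName
   put "pat@example.com" into tEmail

   -- varslist form: :1 and :2 are bound to the variables whose NAMES
   -- are passed as quoted strings, so the values never become SQL text.
   put "INSERT INTO users (name, email) VALUES (:1, :2)" into tSQL
   revExecuteSQL tConn, tSQL, "tName", "tEmail"
   if the result is not a number then
      answer "Insert failed:" && the result
   end if

   -- arrayname form: a numerically keyed array, key 1 feeds :1.
   put tName into tArgs[1]
   put "SELECT id, name, email FROM users WHERE name = :1" into tSQL
   put revDataFromQuery(tab, return, tConn, tSQL, "tArgs") into tRows
   if tRows begins with "revdberr" then
      answer "Query failed:" && tRows
   else
      answer tRows -- the row is returned with name stored exactly as O'Brien
   end if

   revCloseDatabase tConn
end demoPlaceholders
```

The same statements work unchanged against MySQL once the `revOpenDatabase` call is switched, since the binding is done by the database library rather than by string handling in the script.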