Hi Peter and Bob,

Thanks for your ideas. I think I found a good way by doing an input check for the user fields on closeField to avoid totally wrong information, and then I will store this Unicode-encoded in the database. This should avoid quite a few problems from the start.
Regards,
Pascal

2015-07-06 22:49 GMT+02:00 Peter Haworth <[email protected]>:
> Hi Pascal,
> I assume you're referring to SQL injection attacks.
>
> You can avoid them by using the varslist/arrayname parameter of revDataFromQuery/revQueryDatabase/revExecuteSQL. See the dictionary for more details, but it involves using placeholders in your SQL statements and loading the values for those placeholders into separate variables or a numerically keyed array.
>
> On Mon, Jul 6, 2015 at 1:20 AM Pascal Lehner <[email protected]> wrote:
>
> > Hi all,
> >
> > I am working on a desktop app that is running a SQLite database and might well end up as an HTML5 server version with MySQL in the not-so-far future. For this I want to have some sort of input validation to avoid security and XSS incidents.
> >
> > Does anyone have a library or function to "sanitize" any SQL statement before running it against the database? Or how do you do this?
> >
> > Thanks,
> >
> > Pascal
> > _______________________________________________
> > use-livecode mailing list
> > [email protected]
> > Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
> > http://lists.runrev.com/mailman/listinfo/use-livecode
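The placeholder technique Peter describes, shown here as an added example against SQLite using Python's sqlite3 module rather than LiveCode (this is not code from the thread or from LiveCode's own library); the in-memory table and the test inputs are constructed for the demonstration.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory SQLite database with two sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users (name, email) VALUES (?, ?)",
        [("Alice", "alice@example.com"), ("O'Brien", "ob@example.com")],
    )
    return conn


def find_by_name_concat(conn: sqlite3.Connection, name: str) -> list:
    """The pattern to avoid: the field value is spliced into the SQL text,
    so quote characters in the value become part of the statement."""
    sql = "SELECT email FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def find_by_name_param(conn: sqlite3.Connection, name: str) -> list:
    """Placeholder form (the sqlite3 equivalent of LiveCode's varsList):
    the SQL and the value travel separately, so the value is always data."""
    sql = "SELECT email FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]


def demo() -> dict:
    conn = make_db()
    results = {}
    # A legitimate name containing an apostrophe breaks the concatenated query...
    try:
        find_by_name_concat(conn, "O'Brien")
        results["concat_apostrophe"] = "ok"
    except sqlite3.OperationalError:
        results["concat_apostrophe"] = "syntax error"
    # ...but is matched correctly when passed as a parameter.
    results["param_apostrophe"] = find_by_name_param(conn, "O'Brien")
    # Constructed test input: quotes that alter the WHERE clause when
    # concatenated (every row comes back), but are only a non-matching
    # name when passed as a parameter.
    tricky = "x' OR '1'='1"
    results["concat_tricky"] = len(find_by_name_concat(conn, tricky))
    results["param_tricky"] = find_by_name_param(conn, tricky)
    return results
```

Input validation on closeField is still worthwhile for data quality, but the placeholder form is what keeps a stray quote from changing the statement, and the same approach carries over unchanged when the backend becomes MySQL.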
