--- Mike Duffy <[EMAIL PROTECTED]> wrote:
> Does anyone have a great solution for a validator
> that will prevent users from entering malicious SQL
> into form entry text fields?

I'm not sure that belongs in a validator, unless you never need to allow the use of a single quote. It is, however unlikely, conceivable that Little Bobby Tables[1] actually exists in the real world.

Personally I'd put escaping either in a separate interceptor or on the business logic/pre-business logic data scrubbing side of things.

d.

[1] http://xkcd.com/327/