From: Matt F. <ma...@da...> - 2004-06-22 18:19:39
Marc Saric wrote:
> Although this is only for Intranet-use, I would like to add a Validator,
> which prevents SQL-injection on Db-queries.
>
> Has anyone tried to write one, or have any advice on where to look or how to
> tackle this problem?

Hello,

I'm the author of FormKit. We've never done this specifically, but I expect that it's just a matter of inspecting a string and looking for nasty bits. Do some googling to see what the standards are for that.

In any case, converting a string is easy to do in a validator. Look in some of the examples to see how a validator works. Maybe look at FormKit.Validators.Year as a starter. You can put whatever code you like into the _validate method, or if it's a matter of converting the string into something else (escaping it, say) you can use _convert.

Good luck.
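An added example, not code from the original thread and not FormKit's own API: it puts a string-spliced query next to a parameterised one so the difference is visible on a classic injection input, and shows a validator shaped like the _validate/_convert split the reply describes. The SqlStringValidator class, the sqlite3 in-memory table and the sample rows are all constructed for illustration. The practitioner's caveat is the point of lookup_param: escaping in a validator only helps when the query is built by hand, whereas passing the value as a bound parameter keeps it out of the SQL text entirely and needs no string inspection at all.

```python
import sqlite3


def make_db():
    """Constructed sample database (in-memory, not from the original post)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user")],
    )
    return conn


def lookup_concat(conn, name):
    """Vulnerable form: the caller's value is spliced into the SQL text."""
    sql = "SELECT name FROM users WHERE name = '%s' ORDER BY name" % name
    return [row[0] for row in conn.execute(sql)]


def lookup_param(conn, name):
    """Safe form: the value travels as a bound parameter, never as SQL text."""
    sql = "SELECT name FROM users WHERE name = ? ORDER BY name"
    return [row[0] for row in conn.execute(sql, (name,))]


class SqlStringValidator:
    """Hypothetical validator with the _validate/_convert split the reply
    mentions. This is a stand-in for illustration, not FormKit's real class."""

    def __init__(self, max_len=64):
        self.max_len = max_len

    def _validate(self, value):
        # Reject inputs that should never reach a query at all.
        if not isinstance(value, str):
            raise ValueError("expected a string")
        if len(value) > self.max_len:
            raise ValueError("value too long")
        if "\x00" in value:
            raise ValueError("NUL byte in value")
        return value

    def _convert(self, value):
        # SQL string-literal escaping: double every single quote. Only useful
        # when the query is assembled by hand, as in lookup_concat.
        return value.replace("'", "''")

    def __call__(self, value):
        return self._convert(self._validate(value))


# Classic tautology payload; constructed for the demonstration.
PAYLOAD = "' OR '1'='1"


def demo():
    """Run all three paths on the payload and return the row lists."""
    conn = make_db()
    validator = SqlStringValidator()
    return {
        "concat": lookup_concat(conn, PAYLOAD),
        "param": lookup_param(conn, PAYLOAD),
        "concat_escaped": lookup_concat(conn, validator(PAYLOAD)),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print("%-15s -> %r" % (label, rows))
```

Running the block prints every user for the spliced query, nothing for the parameterised one, and nothing for the spliced query once the validator has doubled the quotes. The escape in _convert is specific to SQL string literals; a value destined for a numeric column or an identifier position would need a different check, which is one reason the bound-parameter path is the one to prefer.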