From: Shayne O. <sh...@pe...> - 2004-06-22 18:26:43
Try slashing and unslashing. There are PHP functions for this, but I really don't know for py.

On Tue, 22 Jun 2004, Matt Feifarek wrote:

> Marc Saric wrote:
>
> > Although this is only for Intranet-use, I would like to add a Validator,
> > which prevents SQL-injection on Db-queries.
> >
> > Has anyone tried to write one or an advice, where to look or how to
> > tackle this problem?
>
> Hello, I'm the author of FormKit.
>
> We've never done this specifically, but I expect that it's just a matter
> of inspecting a string and looking for nasty bits. Do some googling to
> see what the standards are for that.
>
> In any case, converting a string is easy to do in a validator. Look in
> some of the examples to see how a validator works. Maybe look at
> FormKit.Validators.Year as a starter.
>
> You can put whatever code you like into the _validate method, or if it's
> a matter of converting the string into something else (escaping it, say)
> you can use _convert.
>
> Good luck.
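As an added example (not part of the original thread and not FormKit's code), the sketch below contrasts the PHP-style "slashing" suggested above, the kind of conversion a validator's `_convert` step could perform, with letting the database driver bind the value. The `users` table, the helper names and the sample inputs are constructed, and SQLite stands in for the database, which the thread does not name.

```python
import sqlite3


def add_slashes(value):
    """PHP addslashes-style escaping: prefix backslash, ' and " with a backslash."""
    for ch in ("\\", "'", '"'):
        value = value.replace(ch, "\\" + ch)
    return value


def make_db():
    """Constructed sample data: one name that legitimately contains a quote."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("O'Brien", "admin"), ("alice", "user")])
    return db


def lookup_slashed(db, name):
    """Build the SQL text by hand after slashing the input."""
    sql = "SELECT role FROM users WHERE name = '%s'" % add_slashes(name)
    try:
        return db.execute(sql).fetchall()
    except sqlite3.Error as exc:
        # SQLite follows standard SQL: a quote is escaped by doubling it and
        # backslash is an ordinary character, so \' still ends the literal.
        return "error: %s" % exc


def lookup_bound(db, name):
    """Pass the value as a bound parameter; it never becomes part of the SQL text."""
    return db.execute("SELECT role FROM users WHERE name = ?", (name,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    for name in ("alice", "O'Brien", "x' OR '1'='1"):
        print(repr(name), "slashed:", lookup_slashed(db, name))
        print(repr(name), "bound:  ", lookup_bound(db, name))
```

Slashing is tied to one SQL dialect's escape rules, so here it breaks the lookup of a legitimate name, while the bound parameter is handled as data for every input.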