Hi all,
I want to use guile-dbi with unsafe user input. I have code like this:
(dbi-query db-obj (string-append "SELECT * FROM users WHERE username = '"
username
"'"))
How can I escape username given from user to prevent sql injection?
I could validate username to only contain letters using [a-zA-Z] regex but
what about other languages that have non Latin letters and names like O'Conor?
This will also don't work for password that may have special characters.
--
Jakub Jankiewicz, Web Developer
http://jcubic.pl
