I should probably remove my fingers from the keyboard since I have so 
little experience with mssql, but here goes:

Isn't the "." only special in field and table names?
If that's where the user input was used, I think it's the programmer's 
responsibility to validate/sanitize the input.  A plugin simply doesn't 
have the knowledge required to sanitize those parts of an SQL statement.

Please correct me if I'm wrong.

On Monday, December 31, 2012 5:24:21 PM UTC-5, alonn wrote:
>
> I'm using sqlalchemy orm (with turbogears) to write data from a web 
> application to an mssql 2005 DB (used by another application, not 
> maintained by me).
> After dealing with a serious case of data corruption (basically because of 
> user data including the "." sign), is there a way to use sqlalchemy also as 
> a validator/sanitizer for user data?
> I know there is basic sql escaping (preventing sql injection) baked into 
> sqlalchemy but obviously I need something stronger.
> If sqlalchemy can't handle it by itself, is there another library (or 
> sqlalchemy plugin) that can give me this functionality?
> Thanks for the help 
>

-- 
You received this message because you are subscribed to the Google Groups 
"sqlalchemy" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/sqlalchemy/-/vvJBni7Oo38J.
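The distinction the reply draws (values are handled by parameter binding, identifiers are not) can be shown with any DB-API driver. The following is an added example, not code from either poster or from SQLAlchemy; it uses the standard-library sqlite3 module as a stand-in for the mssql backend, and the table, column names and sample rows are constructed for the demonstration.

```python
import sqlite3

# Constructed sample values: every one contains a "." and one contains a quote,
# so they exercise exactly the characters that cause trouble when values are
# pasted into SQL text instead of being bound as parameters.
SAMPLE_ROWS = [
    ("Acme Inc.", "v1.2.3"),
    ("O'Brien & Sons", "2.0"),
    ("example.com", "1.0.0-rc.1"),
]

# Identifiers (table and column names) cannot be bound as parameters, so the
# application must decide which ones are legal. A whitelist is the usual answer.
ALLOWED_COLUMNS = frozenset({"name", "version"})


def setup_db():
    """Create an in-memory database with a small constructed table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE item (id INTEGER PRIMARY KEY, name TEXT, version TEXT)"
    )
    return conn


def insert_bound(conn, name, version):
    """Insert using bound parameters: the driver never splices the value into
    the SQL text, so '.', quotes and the like are stored verbatim."""
    conn.execute(
        "INSERT INTO item (name, version) VALUES (?, ?)", (name, version)
    )


def insert_interpolated(conn, name, version):
    """The pattern that causes corruption or errors: values formatted straight
    into the statement. Kept here only to show the failure mode; it raises on
    the row containing an apostrophe."""
    conn.execute(
        "INSERT INTO item (name, version) VALUES ('%s', '%s')" % (name, version)
    )


def validate_identifier(column):
    """Identifiers are the programmer's responsibility: accept only names the
    application knows about. A dotted or otherwise unexpected name is rejected
    rather than 'escaped', because no escaping rule can make an unknown
    identifier meaningful."""
    if column not in ALLOWED_COLUMNS:
        raise ValueError("unknown column: %r" % (column,))
    return column


def select_column(conn, column, name):
    """Combine both rules: the column name is whitelisted, the lookup value is
    bound. Quoting the whitelisted identifier is belt-and-braces."""
    col = validate_identifier(column)
    rows = conn.execute(
        'SELECT "%s" FROM item WHERE name = ?' % col, (name,)
    ).fetchall()
    return [r[0] for r in rows]


def run_demo():
    """Load the sample rows with bound parameters and report what survived,
    plus which insertion style and which identifier were rejected."""
    conn = setup_db()
    for name, version in SAMPLE_ROWS:
        insert_bound(conn, name, version)

    interpolation_failed = False
    try:
        insert_interpolated(conn, "O'Brien & Sons", "2.0")
    except sqlite3.OperationalError:
        interpolation_failed = True

    dotted_identifier_rejected = False
    try:
        validate_identifier("item.name")
    except ValueError:
        dotted_identifier_rejected = True

    return {
        "stored": select_column(conn, "version", "Acme Inc."),
        "quote_stored": select_column(conn, "name", "O'Brien & Sons"),
        "interpolation_failed": interpolation_failed,
        "dotted_identifier_rejected": dotted_identifier_rejected,
    }


if __name__ == "__main__":
    print(run_demo())
```

The same split applies with SQLAlchemy: anything passed as a column value (ORM attributes, `bindparam`, the second argument to `execute`) is sent as a bound parameter, while anything that becomes part of the statement text (a table or column name chosen from user input) has to be checked against a list the application controls.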