Hi all, Total noob question for you guys:
Background: I have a project where there are many components touching different SQLite dbs. Devs were told to make sure they are validating their sql statements, but as I have seen in the code, few of them have. On some components they have used the BIND statement, which will help. We are dealing with media file inputs mostly on this project, so people might have files named "Michael Jackson; Beat it; Thriller" or something like that. My concern is possible sql injections throughout the different code. We are on a tight deadline and we are unable to get back and recode a bunch of components. Question: Do you think that instead of getting them go back throughout their code, it is feasible to create a function that just eliminates the ; and replaces it with a ,? And if so, any suggested code? Thanks so much for your time. -Steve -- View this message in context: http://old.nabble.com/SQLite-file-Validation-tp28612927p28612927.html Sent from the SQLite mailing list archive at Nabble.com. _______________________________________________ sqlite-users mailing list sqlite-users@sqlite.org http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
