On Monday, January 27, 2014 3:21:25 PM UTC-5, Apple Mason wrote:
>
> Yeah, the search terms will be open to the public. But the search terms 
> will be queried in the database using like() or contains() from the DAL. 
> Will that be okay if those search terms are unsanitized?
>

Should be fine. Anyway, form processing doesn't do anything to prevent SQL 
injection (i.e., form validation doesn't sanitize input, and by default 
there are no validators applied to string or text fields).

Anthony 
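
An added illustration, not part of the reply above and not web2py code: a search term placed into a LIKE query as SQL text versus passed as a value. It uses the standard-library sqlite3 module as a stand-in, on the assumption that the DAL's like()/contains() hand the term to the database as a value rather than as SQL text; the table, column names and sample rows are constructed.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names are hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE item (name TEXT, hidden INTEGER)")
    db.executemany("INSERT INTO item VALUES (?, ?)",
                   [("red apple", 0), ("green apple", 0),
                    ("100% juice", 0), ("internal note", 1)])
    return db

def search_concat(db, term):
    # Unsafe: the term becomes part of the SQL text itself.
    sql = ("SELECT name FROM item WHERE hidden = 0 "
           "AND name LIKE '%" + term + "%' ORDER BY name")
    return [r[0] for r in db.execute(sql)]

def search_bound(db, term):
    # The term travels as a value; quotes in it cannot alter the statement.
    sql = ("SELECT name FROM item WHERE hidden = 0 "
           "AND name LIKE ? ORDER BY name")
    return [r[0] for r in db.execute(sql, ("%" + term + "%",))]

def search_literal(db, term):
    # Also escape LIKE wildcards so % and _ in the term match literally.
    esc = term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    sql = ("SELECT name FROM item WHERE hidden = 0 "
           "AND name LIKE ? ESCAPE '\\' ORDER BY name")
    return [r[0] for r in db.execute(sql, ("%" + esc + "%",))]

if __name__ == "__main__":
    db = make_db()
    hostile = "' OR 1=1 --"  # constructed input
    print(search_concat(db, hostile))   # hidden row leaks
    print(search_bound(db, hostile))    # no match, statement unchanged
    print(search_bound(db, "%"))        # wildcard still matches every visible row
    print(search_literal(db, "%"))      # only the name containing a literal %
```

Binding the value prevents the term from changing the statement, but `%` and `_` in the term still act as LIKE wildcards unless they are escaped.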
