if you let the pgSQL
First Name = aaron'; truncate USERS;
then that will be their first name.
In pgSQL it's something like
cursor.execute('''insert into USERS VALUES(%s)''', (userinput,))
which will automatically escape the string. On the other hand, if you want to test the user's input and tell them they are bad users then try something like
if userinput != PgSQL.pgquotestring(userinput):
    raise ValueError('Bad Input')
Please test this though, I used it many years ago and the code was just made up while I wait for webware to restart....
-Aaron
Shayne ONeill wrote:
Try slashing and unslashing. There are PHP functions for this, but I really don't know for py
On Tue, 22 Jun 2004, Matt Feifarek wrote:
Marc Saric wrote:
Although this is only for Intranet-use, I would like to add a Validator, which prevents SQL-injection on Db-queries.
Has anyone tried to write one, or has any advice on where to look or how to
tackle this problem?
Hello, I'm the author of FormKit.
We've never done this specifically, but I expect that it's just a matter of inspecting a string and looking for nasty bits. Do some googling to see what the standards are for that.
In any case, converting a string is easy to do in a validator. Look in some of the examples to see how a validator works. Maybe look at FormKit.Validators.Year as a starter.
You can put whatever code you like into the _validate method, or if it's a matter of converting the string into something else (escaping it, say) you can use _convert.
Good luck.
-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com
_______________________________________________
Webware-discuss mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/webware-discuss
--
-Aaron
http://www.MetroNY.com/
If the car industry behaved like the computer industry over the last 30 years, a Rolls-Royce would cost $5, get 300 miles per gallon, and blow up once a year killing all passengers inside.
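Added example, not from the thread and not Webware's or pyPgSQL's own code: it runs the two approaches Aaron describes against the thread's own sample first name, using the standard-library sqlite3 module as a stand-in for pyPgSQL (its DB-API paramstyle is '?' rather than '%s') and a hand-written pg_quote_string in place of the library's quoting routine.

```python
import sqlite3

# Constructed sample input: the same first name used in the thread.
INJECTED_NAME = "aaron'; truncate USERS;"


def pg_quote_string(value):
    # Stand-in for pyPgSQL's quoting routine (assumption: modelled on
    # SQL literal quoting, not the library's own code): double any
    # embedded single quote and wrap the result in quotes.
    return "'" + value.replace("'", "''") + "'"


def is_clean(value):
    # The validator idea from the thread: quoting only changes the text
    # if it carries a single quote, so compare quoted and raw forms.
    return pg_quote_string(value) == "'" + value + "'"


def validate_first_name(value):
    # Reject input the quoting step had to alter, as a form validator would.
    if not is_clean(value):
        raise ValueError("Bad Input: quote character not allowed")
    return value


def build_query_unsafely(value):
    # What the statement becomes when the input is pasted in with
    # Python % formatting instead of being passed as a parameter.
    # Shown only so the resulting SQL text can be inspected.
    return "insert into USERS values('%s')" % value


def insert_with_parameters(conn, value):
    # Correct DB-API use: the driver binds the value, so the quote and
    # the semicolon are stored as data, not parsed as SQL.
    conn.execute("insert into USERS values(?)", (value,))
    return conn.execute("select first_name from USERS").fetchone()[0]


def demo():
    # Returns what was stored via parameters and the unsafe SQL text.
    conn = sqlite3.connect(":memory:")
    conn.execute("create table USERS (first_name text)")
    stored = insert_with_parameters(conn, INJECTED_NAME)
    return stored, build_query_unsafely(INJECTED_NAME)
```

With parameters the whole string lands in the column unchanged, while the formatted query text shows the closing quote and a second statement sitting outside the literal.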