[Seaside] Avoiding SQL injections with squeak / seaside / mysqldriver
Boris Popov
boris at deepcovelabs.com
Thu Oct 19 16:51:17 UTC 2006
One thing you should do is make sure you never construct SQL by
concatenation, but rather always use bound values (if Squeak's db
interface supports them, of course).
Cheers,
-Boris
--
+1.604.689.0322
DeepCove Labs Ltd.
4th floor 595 Howe Street
Vancouver, Canada V6C 2T5
boris at deepcovelabs.com
-----Original Message-----
From: seaside-bounces at lists.squeakfoundation.org
[mailto:seaside-bounces at lists.squeakfoundation.org] On Behalf Of Vincent
Girard-Reydet
Sent: Thursday, October 19, 2006 9:46 AM
To: seaside at lists.squeakfoundation.org
Subject: [Seaside] Avoiding SQL injections with squeak / seaside / mysqldriver
Hello,
I hope this is the right place to ask the question.
I'm using squeak / seaside and the mysql driver to implement a web site
with database support.
I wish to avoid SQL injections from user input.
Does anyone know if there is something already in Squeak to do this
(namely escaping quotes in user input)?
Thanks a lot.
Vincent Girard-Reydet
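Added example, not part of the original thread and not Squeak, Seaside or mysqldriver code: the difference between concatenation, quote escaping and bound values, shown with Python's standard sqlite3 module standing in for the MySQL driver. The table, the data, the inputs and all function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data; an in-memory SQLite database stands in for MySQL.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER, name TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)", [(1, "alice"), (2, "bob")])
    return db

def escape_quotes(value):
    # The approach asked about: double every single quote in user input.
    return value.replace("'", "''")

def by_name_concat(db, name):
    # Concatenation: the input becomes part of the SQL text itself.
    sql = "SELECT name FROM users WHERE name = '" + name + "' ORDER BY id"
    return [row[0] for row in db.execute(sql)]

def by_id_escaped(db, user_id):
    # Quote escaping gives no protection where the value is not inside quotes.
    sql = "SELECT name FROM users WHERE id = " + escape_quotes(user_id) + " ORDER BY id"
    return [row[0] for row in db.execute(sql)]

def by_name_bound(db, name):
    # Bound value: the statement text is fixed and the input travels as data.
    sql = "SELECT name FROM users WHERE name = ? ORDER BY id"
    return [row[0] for row in db.execute(sql, (name,))]

def by_id_bound(db, user_id):
    sql = "SELECT name FROM users WHERE id = ? ORDER BY id"
    return [row[0] for row in db.execute(sql, (user_id,))]

if __name__ == "__main__":
    db = make_db()
    bad_name = "x' OR '1'='1"   # constructed hostile input
    bad_id = "0 OR 1=1"         # constructed hostile input, contains no quotes
    print("concatenated name:", by_name_concat(db, bad_name))  # every row
    print("escaped id:       ", by_id_escaped(db, bad_id))     # every row
    print("bound name:       ", by_name_bound(db, bad_name))   # no rows
    print("bound id:         ", by_id_bound(db, bad_id))       # no rows
    print("bound, real name: ", by_name_bound(db, "alice"))    # one row
```
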