Re: query checking

You might also try giving the client user different rights to
the database.  Only allow select, insert, and update but
disallowing any deletes.  That way you won't need to build it
into your PHP code.

Brent

--- s <stefang@bundabergcity.qld.gov.au> wrote:
> I am writing a site that
> does select/insert SQL commands with users input.
>
> There is a potential hazard if some one tries to execute there
> own commands in an input box
> eg.    the user types into the input  box on a form  -   [ ";
> delete *
> from table; ]
>
> I'm after a regular expression (that'd be nice) or an
> algorithm to
> tell that only one query is being passed to psql at a time.
>
> The query string will be processed if
> Either - one SELECT command only
>            - one INSERT command only
>            - one UPDATE command only
> ELSE - dont process query
>
> Any input would be much appreciated.
> thanks,
> stef
>


=====
"The instructions said install windows 98 or better, so I installed Linux"

http://www.matzelle.net

__________________________________________________
Do You Yahoo!?
Yahoo! Auctions - Buy the things you want at great prices.
http://auctions.yahoo.com/