Re: query checking
From | Chris Ryan |
---|---|
Subject | Re: query checking |
Date | |
Msg-id | 3A6C3957.BE9D921E@greatbridge.com |
In reply to | query checking (s <stefang@bundabergcity.qld.gov.au>) |
Responses | beware the subselect |
List | pgsql-php |
Probably the most direct way to look for and catch such attempts would be to search for the semi-colon ';' and if it exists just give an error.

Chris Ryan
chris@greatbridge.com

s wrote:
>
> I am writing a site that does select/insert SQL commands with users' input.
>
> There is a potential hazard if someone tries to execute their own commands in an input box,
> e.g. the user types into the input box on a form - [ "; delete * from table; ]
>
> I'm after a regular expression (that'd be nice) or an algorithm to tell that only one query is being passed to psql at a time.
>
> The query string will be processed if
> Either - one SELECT command only
>        - one INSERT command only
>        - one UPDATE command only
> ELSE   - don't process query
>
> Any input would be much appreciated.
> thanks,
> stef
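As an added example, not part of the original thread: a Python sketch of the "one SELECT/INSERT/UPDATE only" check stef asked for, set beside Chris's bare semicolon test. The statement splitter is constructed for this example and assumes plain single-quoted literals; it shows that a legitimate INSERT can carry a ';' inside a string (which the bare test rejects) while a second statement appended after the first is still caught.

```python
import re

# Statement types stef wants to allow through (from the thread).
ALLOWED_FIRST_KEYWORDS = {"SELECT", "INSERT", "UPDATE"}

def naive_check(sql: str) -> bool:
    """Chris's suggestion: reject any query text that contains ';'."""
    return ";" not in sql

def split_statements(sql: str) -> list[str]:
    """Split on ';' only outside single-quoted literals ('' is an escape).
    Sketch only: ignores SQL comments, E'...' strings and dollar quoting."""
    stmts, buf, in_str, i = [], [], False, 0
    while i < len(sql):
        ch = sql[i]
        if in_str:
            buf.append(ch)
            if ch == "'":
                if i + 1 < len(sql) and sql[i + 1] == "'":
                    buf.append("'")  # doubled quote: stay inside the literal
                    i += 1
                else:
                    in_str = False
        elif ch == "'":
            in_str = True
            buf.append(ch)
        elif ch == ";":
            stmts.append("".join(buf))  # statement boundary
            buf = []
        else:
            buf.append(ch)
        i += 1
    if in_str:
        raise ValueError("unterminated string literal")
    stmts.append("".join(buf))
    return [s.strip() for s in stmts if s.strip()]

def is_single_allowed_statement(sql: str) -> bool:
    """True only for exactly one statement starting with SELECT/INSERT/UPDATE."""
    try:
        stmts = split_statements(sql)
    except ValueError:
        return False
    if len(stmts) != 1:
        return False
    m = re.match(r"[A-Za-z]+", stmts[0])
    return bool(m) and m.group(0).upper() in ALLOWED_FIRST_KEYWORDS
```

Neither check makes the assembled query safe by itself; it only limits the damage a stray ';' can do. Escaping or parameterizing the user input before it reaches the query string is the fix that removes the problem.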