Re: stripping HTML, SQL injections ...
From | A.M. |
---|---|
Subject | Re: stripping HTML, SQL injections ... |
Date | |
Msg-id | A8645D1F-B662-436F-AD65-AE84865AA82E@themactionfaction.com |
In response to | Re: stripping HTML, SQL injections ... ("Scott Marlowe" <scott.marlowe@gmail.com>) |
Responses |
Re: stripping HTML, SQL injections ...
Re: stripping HTML, SQL injections ... |
List | pgsql-general |
On Nov 14, 2007, at 4:23 PM, Scott Marlowe wrote:

> On Nov 14, 2007 2:40 PM, madhtr <madhtr@schif.org> wrote:
>> Quick question, are there any native functions in PostGreSQL 8.1.4 that will
>> strip HTML tags, escape chars, etc?
>
> I can't think of a lot of native functions, but it's sure easy enough
> to roll your own with things like the regex functionality built in.

Please don't do that- there are corner cases where a naive regex can fail, leaving the programmer thinking he is covered when he is not. The variety of web languages include filtering modules (HTML::Scrubber)- in the case of Perl or PHP, it can even be run server-side.

Furthermore, one shouldn't use an API which allows for SQL injections.

Cheers,
M
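
The corner cases mentioned in the reply above, as an added example that is not part of the original post. Python's standard-library `html.parser` stands in here for a filtering module such as HTML::Scrubber; the function names and sample inputs are constructed for illustration.

```python
import re
from html import escape
from html.parser import HTMLParser

NAIVE_TAG_RE = re.compile(r"<[^>]*>")  # a typical "roll your own" tag pattern

def naive_strip(markup):
    """Regex stripping: treats the first '>' after a '<' as the end of a tag."""
    return NAIVE_TAG_RE.sub("", markup)

class _TextOnly(HTMLParser):
    """Collects text nodes; drops tags, comments and script/style bodies."""
    SKIP = {"script", "style"}

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.parts = []
        self.skip_depth = 0

    def handle_starttag(self, tag, attrs):
        if tag in self.SKIP:
            self.skip_depth += 1

    def handle_endtag(self, tag):
        if tag in self.SKIP and self.skip_depth:
            self.skip_depth -= 1

    def handle_data(self, data):
        if not self.skip_depth:
            self.parts.append(data)

def parser_strip(markup):
    """Parser-based stripping; output is escaped for an HTML text context."""
    p = _TextOnly()
    p.feed(markup)
    p.close()
    return escape("".join(p.parts))

# Constructed inputs: '>' inside a quoted attribute, inside a comment,
# and a '<' inside a script body.
SAMPLES = [
    '<a title="a > b" href="x">link</a>',
    '<!-- a > b -->text',
    '<script>var a = 1 < 2;</script>hello',
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(naive_strip(s)), "vs", repr(parser_strip(s)))
```

In each case the regex version returns fragments of markup or script source as if they were clean text, while the parser version returns only the text nodes.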