[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: preventing sql injection

Subject: Re: preventing sql injection
From: Mike Schrag <email@hidden>
Date: Thu, 25 Oct 2007 12:06:37 -0400
Delivered-to: email@hidden
Delivered-to: email@hidden

This one will not work, because % and * are part of the regular _expression_ syntax/

This however, did work: filterString = filterString.replaceAll("[\\*\\%\\?]","");

Character classes in regexs do not actually require escaping, so filterString.replaceAll("[*%?]","") would be what you actually want ... Otherwise I would expect you're probably inadvertently removing backslashes also.

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/webobjects-dev/email@hidden

This email sent to email@hidden

References:
	>preventing sql injection (From: Johan Henselmans <email@hidden>)
	>Re: preventing sql injection (From: Q <email@hidden>)
	>Re: preventing sql injection (From: Johan Henselmans <email@hidden>)
	>Re: preventing sql injection (From: "John Huss" <email@hidden>)
	>Re: preventing sql injection (From: Johan Henselmans <email@hidden>)

Prev by Date: Re: preventing sql injection
Next by Date: Re: preventing sql injection
Previous by thread: Re: preventing sql injection
Next by thread: Re: preventing sql injection
Index(es):
- Date
- Thread

Home