Re: preventing sql injection
- Subject: Re: preventing sql injection
- From: Q <email@hidden>
- Date: Thu, 25 Oct 2007 07:53:33 +1000
This isn't SQL injection, it's just a filtering constraint.
SQL injection is when someone enters something like "a' or 'a' =
'a" in your search field and instead of returning some restricted
recordset it returns every row in the table because additional
constraints have been injected into the query. Hence the name.
If you don't want to allow '%' or '*' characters in your qualifier,
remove them before you pass the string to EOF.
On 24/10/2007, at 6:38 PM, Johan Henselmans wrote:
I have to use a Qualifier with QualifierOperatorCaseInsensitiveLike
as the operator. The problem is that it will also honor things like
'%a%' or '*', which I do not want. I searched for Webobjects and sql
injection, but could not find anything. How do people get rid of
the sql wildcards if you don't want them in your search strings?
Regards,
Johan Henselmans
http://www.netsense.nl
Tel: +31-20-6267538
Fax: +31-20-6273852
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
--
Seeya...Q
Quinton Dolan - email@hidden
Gold Coast, QLD, Australia (GMT+10)
Ph: +61 419 729 806
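One way to apply Q's advice, as an added example that is not code from the thread or from WebObjects itself: strip the wildcard characters before the string ever reaches EOF, then build the EOKeyValueQualifier from the cleaned value. The class and method names below are mine; EOKeyValueQualifier and EOQualifier.QualifierOperatorCaseInsensitiveLike are the standard com.webobjects.eocontrol classes, and the '?' and '_' characters are added on the same reasoning as the '%' and '*' the thread names.

```java
import com.webobjects.eocontrol.EOKeyValueQualifier;
import com.webobjects.eocontrol.EOQualifier;

public final class SearchQualifierBuilder {

    // Characters never allowed through: EOF's own pattern wildcards
    // ('*' any run, '?' one char) and the SQL LIKE wildcards they are
    // translated to ('%' any run, '_' one char). The thread mentions
    // '%' and '*'; '?' and '_' are my addition (assumption).
    private static final String WILDCARDS = "*?%_";

    /** Returns the user's text with every wildcard character removed. */
    public static String stripWildcards(String userInput) {
        if (userInput == null) {
            return "";
        }
        StringBuilder out = new StringBuilder(userInput.length());
        for (int i = 0; i < userInput.length(); i++) {
            char c = userInput.charAt(i);
            if (WILDCARDS.indexOf(c) < 0) {
                out.append(c);
            }
        }
        return out.toString();
    }

    /**
     * Builds a case-insensitive "contains" qualifier on keyPath. The only
     * wildcards in the pattern are the two '*' we add ourselves, so typing
     * '%' or '*' cannot widen the match to every row.
     *
     * Returns null when nothing searchable is left after stripping: a
     * pattern of "**" would match everything, which is exactly the
     * outcome the caller wants to avoid, so it must handle that case
     * (e.g. show a validation message) rather than fetch.
     */
    public static EOQualifier containsQualifier(String keyPath, String userInput) {
        String clean = stripWildcards(userInput);
        if (clean.length() == 0) {
            return null;
        }
        return new EOKeyValueQualifier(keyPath,
                EOQualifier.QualifierOperatorCaseInsensitiveLike,
                "*" + clean + "*");
    }
}
```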