Code Newbie
News     Forums     Search     Members     Sign Up    

My Code Newbie
Username

Password

Articles/Snippets
ASP Classic
ASP.NET
C
C#
C++
HTML / CSS
Java
Javascript
Linux / BSD
Perl
PHP
Python
Ruby
SQL
VB 6
VB.NET

C.N. Friends
  Planet Rome

Link to Us!
Code Newbie
  Code Newbie
    forums
Go Back   Code Forums > Application and Web Development > Everything SQL ( MySQL, MSSQL, DB2, Postgre, Oracle, etc...)
sql security sql security
User Name
Password

Reply
 
LinkBack Thread Tools Display Modes
Old 03-08-2008, 06:19 PM   #1 (permalink)
falsepride
Regular Contributor
 
Join Date: Oct 2004
Posts: 192
falsepride is on a distinguished road
sql security
sometimes its necessary to take user submitted data from a form in a query. without buffering data, things could probably get pretty nasty if the user wanted to mess things up. how should one probably buffer data to prevent tables from being deleted or values changed around?
__________________
falsepride is offline   Reply With Quote
Old 03-08-2008, 06:51 PM   #2 (permalink)
bdl
Senior Contributor
 
Join Date: May 2002
Location: vta.ca.usa
Posts: 555
bdl is on a distinguished road
The best thing I can suggest is to research SQL injection, and pay attention to data types in the process.

Some tips:

Validate your data for the specific type and content you expect. PHP's ctype functions come in handy for quickly testing content and you can use some simple type juggling to make sure the data meets your requirements.

Use one of the native functions to properly escape data; if you're using MySQL, for example, there is a MySQL specific function for doing that. Not all RDBMS extensions have a native escape function, but most do. If the extension doesn't support it, consider using one of the available libraries, such as PEAR MDB2.

Parameterized queries are also a great tool; I suggest looking into using them if your library or extension provides that function.
__________________
bdl is offline   Reply With Quote
Old 03-16-2008, 06:35 PM   #3 (permalink)
falsepride
Regular Contributor
 
Join Date: Oct 2004
Posts: 192
falsepride is on a distinguished road
what ctype functions would one need without being too excessive. i only want capital and lowercase letters, numbers, spaces, and standard other characters like /,-,(,), and maybe a few others
__________________
falsepride is offline   Reply With Quote
Reply

« Previous Thread | Next Thread »

Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


Similar Threads
Thread Thread Starter Forum Replies Last Post
help with SQL and VB.NET doobiwan Everything SQL ( MySQL, MSSQL, DB2, Postgre, Oracle, etc...) 4 06-10-2005 07:09 AM
New Microsoft Security Service to Offer Timely Guidance redhead Code Newbie News 0 05-09-2005 02:44 AM
Fix security at source with latest inspection software redhead Code Newbie News 0 04-05-2004 04:23 AM
Beginning SQL sequences using PostgreSQL and Oracle jeffro SQL 1 02-03-2004 08:32 AM
LinuxWorld: 2.6 kernel cures some security shortcomings sde Code Newbie News 0 08-08-2003 07:39 AM


All times are GMT -8. The time now is 07:53 AM.

Contact Us - CodeNewbie.com - Archive - Top

Powered by vBulletin Version 3.6.2
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Search Engine Optimization by vBSEO 3.0.0 RC8





Copyright © 2000-2006, Milano Interactive
Web Hosting provided by Portal 360 Web Hosting
Open Circle