| From: | Chris Ryan <chris(at)greatbridge(dot)com> |
|---|---|
| To: | s <stefang(at)bundabergcity(dot)qld(dot)gov(dot)au> |
| Cc: | pgsql-php(at)postgresql(dot)org |
| Subject: | Re: query checking |
| Date: | 2001-01-22 13:44:55 |
| Message-ID: | 3A6C3957.BE9D921E@greatbridge.com |
| Lists: | pgsql-php |
Probably the most direct way to look for and catch such attempts would
be to search for the semi-colon ';' and if it exists just give an error.
Chris Ryan
chris(at)greatbridge(dot)com
s wrote:
>
> I am writing a site that
> does select/insert SQL commands with users' input.
>
> There is a potential hazard if someone tries to execute their
> own commands in an input box
> eg. the user types into the input box on a form - [ "; delete *
> from table; ]
>
> I'm after a regular expression (that'd be nice) or an algorithm to
> tell that only one query is being passed to psql at a time.
>
> The query string will be processed if
> Either - one SELECT command only
> - one INSERT command only
> - one UPDATE command only
> ELSE - don't process query
>
> Any input would be much appreciated.
> thanks,
> stef
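
The semicolon check suggested in the reply, combined with the one-SELECT/INSERT/UPDATE rule from the question, as an added example that is not part of the original thread. The function name `is_single_allowed_statement` and the sample queries are constructed for illustration; the check runs on the final query string and skips semicolons that sit inside quoted literals.

```php
<?php
// Added example; the function name and the sample queries are constructed.
function is_single_allowed_statement(string $sql): bool
{
    $sql = trim($sql);
    // Rule from the question: the string must start as SELECT, INSERT or UPDATE.
    if (!preg_match('/^(select|insert|update)\b/i', $sql)) {
        return false;
    }
    $quote = null;                    // quote character we are inside, or null
    $len = strlen($sql);
    for ($i = 0; $i < $len; $i++) {
        $c = $sql[$i];
        $next = $i + 1 < $len ? $sql[$i + 1] : '';
        if ($quote !== null) {
            if ($c === '\\') {
                return false;         // backslash escape in a literal: refuse, do not guess
            }
            if ($c === $quote && $next === $quote) {
                $i++;                 // doubled quote is an escaped quote, stay inside
            } elseif ($c === $quote) {
                $quote = null;        // literal or quoted identifier ends here
            }
        } elseif ($c === "'" || $c === '"') {
            $quote = $c;
        } elseif ($c === ';') {
            return $i === $len - 1;   // only a single trailing semicolon is accepted
        } elseif ($c === '$' || ($c . $next) === '--' || ($c . $next) === '/*') {
            return false;             // dollar quoting and comments are not parsed: refuse
        }
    }
    return $quote === null;           // an unterminated quote is refused
}

// Constructed query strings; the fourth embeds the input quoted in the message.
$samples = [
    "SELECT name FROM staff WHERE id = 7",
    "SELECT name FROM staff WHERE note = 'a; b'",
    "UPDATE staff SET note = 'it''s ok' WHERE id = 7;",
    "SELECT * FROM staff WHERE name = \"\"; delete * from table;",
    "DELETE FROM staff",
];
foreach ($samples as $sql) {
    echo (is_single_allowed_statement($sql) ? "process " : "reject  "), $sql, "\n";
}
```

The check only counts statements; it says nothing about whether input changed the meaning of the one statement that is left, so values still need to be escaped or bound before they reach the query string.
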