See the character filter I donated last week

----- Original Message -----
From: "Craig R. McClanahan" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, June 01, 2001 9:31 PM
Subject: Re: filtering unwanted characters


>
>
> On Fri, 11 May 2001, Ian Kallen <[EMAIL PROTECTED]> wrote:
>
> >
> > Apache 2.0 supports input filters, how about writing one that cleans the
> > data input before mod_jk/mod_webapp can hand it off to Tomcat?
> >
>
> In a Servlet 2.3 environment (such as Tomcat 4.0), you can use the new
> Filter APIs to accomplish the same thing.
>
> However, either of these approaches means you have to parse out the
> request parameters and put them back together again for the
> "real" servlet.  That sounds like a lot more work than should be needed.
>
> > On Fri, 11 May 2001, Nanduri, Amarnath wrote:
> > > I am looking for some open source code that deals with filtering
> > > technology. Basically I want to filter any unwanted characters from the
> > > user input data. The user might try to pass in some SQL queries or try
> > > to run some shell scripts or put special characters which might be
> > > rejected by a database (or even corrupt it). If no such open source code
> > > is available then I want to write something like that. I was wondering
> > > if anyone has done some
> >
>
> Have you considered putting stuff like this in the validate() method of
> your form bean?  You could probably write a common utility method that
> scanned a String for unwanted characters, returning "true" if there was a
> problem.  Then, your validate() method would pass all the input strings in
> the form through this method to look for problems.
>
> The other thing that really really helps when doing database stuff is to
> use JDBC PreparedStatement objects.  That way, even if your users try to
> pass in weird command delimiters and stuff, it ends up inside an SQL
> string that is properly quoted by the driver itself, rather than modifying
> the SQL command you are trying to run.
>
> > cheers,
> > -Ian
> >
> > --
> > Ian Kallen <[EMAIL PROTECTED]> | AIM: iankallen
> >
> >
>
> Craig
>
>
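
The two suggestions quoted above (a shared utility that scans a String and returns "true" on a problem, and JDBC PreparedStatement for database access) are sketched below as an added example that is not code from anyone in this thread. The class name, the allow-list, and the `users` table with its `id` and `name` columns are assumptions made for illustration.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

public class InputChecks {
    // Hypothetical allow-list: letters and digits plus these characters.
    private static final String ALLOWED = " .,'-_@";

    /** Returns true if there is a problem with the string (null or a disallowed character). */
    public static boolean hasUnwantedChars(String s) {
        if (s == null) return true;
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            if (!Character.isLetterOrDigit(c) && ALLOWED.indexOf(c) < 0) return true;
        }
        return false;
    }

    /** The pattern to avoid: the input becomes part of the SQL command text. */
    public static String concatenatedSql(String name) {
        return "SELECT id FROM users WHERE name = '" + name + "'";
    }

    /** PreparedStatement form: the SQL text is fixed and the driver binds the value. */
    public static Integer findUserId(Connection conn, String name) throws SQLException {
        try (PreparedStatement ps =
                 conn.prepareStatement("SELECT id FROM users WHERE name = ?")) {
            ps.setString(1, name);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() ? Integer.valueOf(rs.getInt(1)) : null;
            }
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs: a legitimate name with an apostrophe,
        // and a value containing a command delimiter.
        String[] samples = { "O'Brien", "alice; --" };
        for (String s : samples) {
            System.out.println(s + " -> problem=" + hasUnwantedChars(s));
            System.out.println("  concatenated SQL: " + concatenatedSql(s));
        }
    }
}
```

The legitimate name `O'Brien` passes the character check yet still produces unbalanced quotes in the concatenated statement, which is why the bound-parameter form is needed even when a character filter is in place.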
