The new version of commons-lang (see CVS at present) will have a class, StringEscapeUtils, to escape strings including SQL and HTML. This may be of some use.
Stephen

----- Original Message -----
From: "Marcelo Bello"
Sent: Friday, August 22, 2003 12:44 AM
Subject: Checking if a String is both HTML and SQL safe

> I am developing a web application that MUST be safe.
>
> I am searching for a Java lib that can check a string to be both:
>
> - HTML safe (replacing '<' with '>' etc.);
> - SQL safe;
>
> SQL safeness is critical, because the string typed by the user will be used to
> generate a SQL statement. I can't allow users to input a "malicious"
> string that would end up allowing them to execute arbitrary SQL
> statements.
>
> Does anyone know where I could find a Java lib for that?
>
> If not, then consider this email as a suggestion.
>
> Best Regards,
>
> Marcelo Bello
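As an added example (not code from this thread and not commons-lang's own StringEscapeUtils), the following Java sketch shows the two defences a practitioner would reach for in the situation Marcelo describes: HTML escaping applied when data is written into a page, and a JDBC PreparedStatement so that user input is bound as a parameter and never becomes part of the SQL text. It also shows why "SQL escaping" by doubling quotes is not a general fix: a value spliced into a numeric context contains no quotes to escape. The `escapeHtml` helper, the `users` table and the `Connection` passed into `findUserById` are assumptions made for illustration.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;

public class SafeStrings {

    /** Escape the characters that carry meaning in HTML text and attribute
     *  values. Apply this at output time, when the value is written into a
     *  page, rather than when it is stored. (Helper written for this example.) */
    public static String escapeHtml(String s) {
        if (s == null) {
            return "";
        }
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    /** VULNERABLE, shown only for contrast: builds SQL by concatenation after
     *  the usual "escape" of doubling single quotes. In a numeric context the
     *  hostile value "1 OR 1=1" contains no quote at all, so the escaping does
     *  nothing and the injected condition is parsed as SQL. */
    public static String buildQueryUnsafe(String id) {
        String escaped = id.replace("'", "''");
        return "SELECT id, name FROM users WHERE id = " + escaped;
    }

    /** Hardened form: the SQL text is a fixed string and the user value is
     *  bound as a typed parameter, so it can never be parsed as SQL. Input
     *  that is not an integer is rejected at the type boundary.
     *  (The users table and the supplied Connection are assumptions.) */
    public static List<String> findUserById(Connection conn, String id)
            throws SQLException {
        int parsedId = Integer.parseInt(id.trim()); // rejects "1 OR 1=1"
        List<String> names = new ArrayList<String>();
        PreparedStatement ps = conn.prepareStatement(
                "SELECT id, name FROM users WHERE id = ?");
        try {
            ps.setInt(1, parsedId);             // bound, not spliced into the query
            ResultSet rs = ps.executeQuery();
            try {
                while (rs.next()) {
                    names.add(rs.getString("name"));
                }
            } finally {
                rs.close();
            }
        } finally {
            ps.close();
        }
        return names;
    }

    public static void main(String[] args) {
        // Constructed hostile inputs for demonstration.
        String hostileSql = "1 OR 1=1";
        String hostileHtml = "<script>alert('x')</script>";

        // The "escaped" query still carries the injected condition.
        System.out.println(buildQueryUnsafe(hostileSql));

        // The same kind of hostile input rendered into HTML is neutralised.
        System.out.println(escapeHtml(hostileHtml));

        // The hardened lookup refuses the non-numeric value outright.
        try {
            Integer.parseInt(hostileSql.trim());
        } catch (NumberFormatException e) {
            System.out.println("rejected: " + hostileSql);
        }
    }
}
```

The point for Marcelo's question is that "SQL safe" and "HTML safe" are properties of how a value is used, not of the string itself: the same text is harmless once bound with `setInt`/`setString`, and harmless once passed through `escapeHtml` on the way into a page, but no single transformation applied at input time makes it safe for both.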
