On Monday, 12 December 2016 at 10:25:05 UTC, aberba wrote:
> On Monday, 12 December 2016 at 00:42:54 UTC, Nicholas Wilson wrote:
>> On Sunday, 11 December 2016 at 18:30:54 UTC, aberba wrote:
>> You can enforce that the string that you receive is an email
>> address with `isEmail` from `std.net.isemail`
>
> Nice.
>
>> What SQL library are you using? There is probably a function
>> in that somewhere that does sanitisation, or use prepared
>> statements.
>
> Will look into that. Currently planning to use mysql-lited (not
> sure which one is more capable though)
>
> How about alternative to PHP strip_tags(), strip_slash()?

With vibe.d I would definitely go with mysql-native instead since
it's already compatible with it.
See: https://github.com/mysql-d/mysql-native
vibe.d and D in general don't suffer from the same things PHP
does when it comes to sanitizing.
As long as you use prepared statements, then you won't suffer
from it.
It's much safer to validate data than sanitize it. That way you
don't get garbage either.
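
The validate-instead-of-sanitize approach from this thread, as an added example that is not code from any of the posters: input is accepted unchanged or rejected outright, using `isEmail` from `std.net.isemail` and nothing outside Phobos. The names `Checked` and `validateSignup`, the username rule and the sample inputs are assumptions made for illustration; accepted values would still be passed to the database as prepared-statement parameters.

```d
import std.algorithm.searching : all;
import std.ascii : isAlphaNum;
import std.net.isemail : isEmail;
import std.stdio : writefln;

/// Result of checking one form submission; `error` is empty when `ok` is true.
struct Checked
{
    bool ok;
    string error;
}

/// Hypothetical helper: accepts the input as-is or rejects it.
/// Nothing is stripped, escaped or rewritten along the way.
Checked validateSignup(string username, string email)
{
    // Assumed allow-list rule: 3 to 32 ASCII letters, digits, '_' or '-'.
    immutable nameOk = username.length >= 3 && username.length <= 32
        && username.all!(c => isAlphaNum(c) || c == '_' || c == '-');
    if (!nameOk)
        return Checked(false, "username must be 3-32 chars of [A-Za-z0-9_-]");

    // Syntax check only; no DNS lookup is made with the default arguments.
    if (!isEmail(email).valid)
        return Checked(false, "email address is not syntactically valid");

    return Checked(true, "");
}

void main()
{
    // Constructed sample inputs, not taken from the thread.
    string[2][] samples = [
        ["aberba", "user@example.com"],
        ["o'brien<b>", "obrien@example.com"],
        ["carol", "<b>carol</b>@example.com"],
    ];

    foreach (s; samples)
    {
        auto r = validateSignup(s[0], s[1]);
        writefln("%-12s %-26s %s", s[0], s[1],
                 r.ok ? "accepted" : "rejected: " ~ r.error);
    }
}
```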