On Monday, 12 December 2016 at 10:25:05 UTC, aberba wrote:
On Monday, 12 December 2016 at 00:42:54 UTC, Nicholas Wilson wrote:
On Sunday, 11 December 2016 at 18:30:54 UTC, aberba wrote:

You can enforce that the string that you receive is an email address with `isEmail` from `std.net.isemail`.

Nice.

What SQL library are you using? There is probably a function in that somewhere that does sanitisation, or use prepared statements.

Will look into that. Currently planning to use mysql-lited (not sure which one is more capable though)



How about an alternative to PHP strip_tags(), strip_slash()?

With vibe.d I would definitely go with mysql-native instead since it's already compatible with it.

See: https://github.com/mysql-d/mysql-native

vibe.d and D in general don't suffer from the same things PHP does when it comes to sanitizing.

As long as you use prepared statements, then you won't suffer from it.

It's much safer to validate data than to sanitize it. That way you don't get garbage either.

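The validate-then-bind approach recommended in the thread, as an added example that is not part of the original posts and is not mysql-native code. Assumptions: SQLite through Phobos's `etc.c.sqlite3` binding stands in for MySQL so the program runs offline, and the `users` table, the `countByEmail` helper and the sample inputs are constructed for illustration.

```d
// Added example (not from the thread). SQLite via Phobos's etc.c.sqlite3
// stands in for MySQL so it runs offline. Build: dmd example.d -L-lsqlite3
import etc.c.sqlite3;
import std.exception : enforce;
import std.net.isemail : isEmail;
import std.stdio : writeln;

/// Hypothetical helper: counts users with this email via a bound parameter.
int countByEmail(sqlite3* db, string email)
{
    sqlite3_stmt* stmt;
    // The SQL text is a constant; user input never becomes part of it.
    enforce(sqlite3_prepare_v2(db, "SELECT COUNT(*) FROM users WHERE email = ?1",
            -1, &stmt, null) == SQLITE_OK, "prepare failed");
    scope (exit) sqlite3_finalize(stmt);
    // Bind by pointer and length; SQLITE_TRANSIENT makes SQLite copy the bytes.
    enforce(sqlite3_bind_text(stmt, 1, email.ptr, cast(int) email.length,
            SQLITE_TRANSIENT) == SQLITE_OK, "bind failed");
    enforce(sqlite3_step(stmt) == SQLITE_ROW, "step failed");
    return sqlite3_column_int(stmt, 0);
}

void main()
{
    sqlite3* db;
    enforce(sqlite3_open(":memory:", &db) == SQLITE_OK, "open failed");
    scope (exit) sqlite3_close(db);
    enforce(sqlite3_exec(db,
            "CREATE TABLE users(email TEXT); INSERT INTO users VALUES ('alice@example.com');",
            null, null, null) == SQLITE_OK, "setup failed");

    // Constructed sample inputs: one address, two strings that are not.
    foreach (input; ["alice@example.com", "' OR '1'='1", "not an address"])
    {
        // Validate: reject anything that is not an email address at all.
        if (!isEmail(input).valid)
        {
            writeln("rejected: ", input);
            continue;
        }
        writeln(input, " -> ", countByEmail(db, input), " row(s)");
    }
    // Defence in depth: even unvalidated, a bound value is compared as data,
    // so the quote characters cannot change the query's structure.
    writeln("bound, unvalidated: ", countByEmail(db, "' OR '1'='1"), " row(s)");
}
```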