You can't do SQL injection. GQL isn't SQL. It's read only, so in theory
someone might be able to swap values around, but other than that it's not
possible to inject multiple statements using a delimiter.

--
Ikai Lan
Developer Programs Engineer, Google App Engine
Blogger: http://googleappengine.blogspot.com
Reddit: http://www.reddit.com/r/appengine
Twitter: http://twitter.com/app_engine



On Tue, Sep 28, 2010 at 12:19 PM, Martin Webb <[email protected]> wrote:

> I'm in final stages of finishing an app.
> I was wondering if when I receive params from forms in my handlers -
> querystrings - I need to do anything to them (escape) before I use them in
> my app, i.e. to eliminate (old-fashioned SQL injection). I have a base class
> that reads posted params so it's easy to add a check to strings that must not
> contain dangerous - code. Is this necessary on App Engine?
>
>
> Regards
>
> *Martin Webb*
>
>  --
> You received this message because you are subscribed to the Google Groups
> "Google App Engine" group.
> To post to this group, send email to [email protected].
> To unsubscribe from this group, send email to
> [email protected]<google-appengine%[email protected]>
> .
> For more options, visit this group at
> http://groups.google.com/group/google-appengine?hl=en.
>
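
An added example, not from the thread or from the App Engine SDK: a handler-side helper that keeps request values out of the GQL text by binding them positionally, next to the string-formatted form it replaces. The `Note` kind, its properties and both function names are assumptions; the returned pair is meant to be passed to `db.GqlQuery(text, *args)`.

```python
import re

# Hypothetical whitelist for an assumed "Note" kind: request field -> (property, operator).
# Property names and operators cannot be bound, so they never come from the request.
ALLOWED_FILTERS = {
    "owner": ("owner", "="),
    "tag": ("tags", "="),
    "min_priority": ("priority", ">="),
}
# Per-field coercion, so a bound value always has the type the property expects.
COERCE = {"owner": str, "tag": str, "min_priority": int}
KIND_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")


def build_gql(kind, params):
    """Return (gql_text, args) with every request value bound as :1, :2, ..."""
    if not KIND_RE.match(kind):
        raise ValueError("bad kind name")
    clauses, args = [], []
    for field in sorted(params):  # stable order keeps the query text predictable
        if field not in ALLOWED_FILTERS:
            raise ValueError("filter not allowed: %r" % field)
        prop, op = ALLOWED_FILTERS[field]
        try:
            args.append(COERCE[field](params[field]))
        except (TypeError, ValueError):
            raise ValueError("bad value for %r" % field)
        clauses.append("%s %s :%d" % (prop, op, len(args)))
    text = "SELECT * FROM %s" % kind
    if clauses:
        text += " WHERE " + " AND ".join(clauses)
    return text, args


def build_gql_unsafe(kind, params):
    """The 'before' form: the value is formatted into the text and parsed as GQL."""
    return "SELECT * FROM %s WHERE owner = '%s'" % (kind, params["owner"])


if __name__ == "__main__":
    # Constructed sample input: a value containing a quote and a GQL keyword.
    sample = {"owner": "alice' AND tags = 'x", "min_priority": "3"}
    print(build_gql_unsafe("Note", sample))  # the value has become an extra filter
    print(build_gql("Note", sample))         # the value stays data in args
```
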
