apologize, forgot to cc public-lod

---------- Forwarded message ----------
From: Davide Palmisano <[email protected]>
Date: Mon, Mar 29, 2010 at 4:51 PM
Subject: Re: Preventing SPARQL injection
To: Angelo Veltens <[email protected]>

Hi Angelo,

I'm not sure I understood your problem well. Anyway, it may be worth giving a look to this:

http://clarkparsia.com/weblog/2010/02/03/empire-0-6/

cheers,

Davide

On Sat, Mar 27, 2010 at 1:10 PM, Angelo Veltens <[email protected]> wrote:
> Hi all,
>
> my name is Angelo Veltens, I'm studying computer science in Germany. I
> am using the Jena framework with SDB for a student research project.
>
> I'm just wondering how to prevent SPARQL injections. It seems to me
> that I have to build my queries from plain strings and do the sanitizing
> on my own. Isn't there something like prepared statements as in
> SQL/JDBC? This would be less risky.
>
> Kind regards,
> Angelo Veltens
>
>
>

--
Davide Palmisano
Technologist at Fondazione Bruno Kessler
http://davidepalmisano.wordpress.com
http://twitter.com/dpalmisano

--
Davide Palmisano
http://davidepalmisano.wordpress.com
http://twitter.com/dpalmisano
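Added example, not part of the thread and not code from either poster: the prepared-statement style asked about above, shown with Apache Jena's ParameterizedSparqlString next to plain string concatenation. It assumes a current Apache Jena release (org.apache.jena packages) on the classpath; the namespace, the in-memory data and the input string are constructed for illustration.

```java
import org.apache.jena.query.*;
import org.apache.jena.rdf.model.*;

public class SparqlParamDemo {
    static final String NS = "http://example.org/"; // constructed namespace

    // Constructed in-memory data: two named resources.
    static Model sampleModel() {
        Model m = ModelFactory.createDefaultModel();
        Property name = m.createProperty(NS, "name");
        m.createResource(NS + "alice").addProperty(name, "alice");
        m.createResource(NS + "bob").addProperty(name, "bob");
        return m;
    }

    // Risky: the value is spliced into the query text, so a quote in the
    // input ends the string literal and the rest is parsed as SPARQL.
    static Query concatenated(String input) {
        return QueryFactory.create("SELECT ?s WHERE { ?s <" + NS + "name> ?n "
                + "FILTER(?n = \"" + input + "\") }");
    }

    // Parameterized: the value is injected as one escaped RDF literal,
    // so it can only ever be compared as data.
    static Query parameterized(String input) {
        ParameterizedSparqlString pss = new ParameterizedSparqlString(
                "SELECT ?s WHERE { ?s <" + NS + "name> ?n FILTER(?n = ?value) }");
        pss.setLiteral("value", input);
        return pss.asQuery();
    }

    static int count(Model m, Query q) {
        try (QueryExecution qe = QueryExecutionFactory.create(q, m)) {
            ResultSet rs = qe.execSelect();
            int n = 0;
            while (rs.hasNext()) { rs.next(); n++; }
            return n;
        }
    }

    public static void main(String[] args) {
        Model m = sampleModel();
        // Constructed hostile value: turns the concatenated FILTER into a tautology.
        String input = "x\" || true) } #";
        System.out.println("concatenated rows:  " + count(m, concatenated(input)));
        System.out.println("parameterized rows: " + count(m, parameterized(input)));
        System.out.println(parameterized(input)); // shows the escaped literal
    }
}
```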
