Depends if your database is hosted on a webserver which the mobile app
accesses, or if it's local on the device.

It's probably harder to manipulate embedded JavaScript if everything
is local on the phone. It's also less likely that you will deliver any
"secrets" in an embedded DB too (because anyone can unwrap a mobile
phone app installation package and peek inside).

A user would only break their instance of the app if they mess with a
local database.

However, if it's an open website providing access to your DB then the
same page can be visited in a regular web browser from a PC, so it's
easy to manipulate requests and then there is only one DB for all
users. If one screws it up, all the apps will be affected.

Anyway, you can get around this by checking if the values are numeric.
If not, just don't execute the query and show the user an error
instead.

L


On 8 February 2012 15:29, E3 <[email protected]> wrote:
>
>
>
> Larry Knibb wrote:
>>
>> Btw, be careful where you get your $id and $group_id variable content
>> from. If you are embedding these in a string (e.g. in a Perl script)
>> then you should check these are numeric before you use them. Otherwise
>> this is how SQL injection attacks happen, e.g. I might submit a
>> malicious ID containing SQL commands which could screw up your
>> database.
>>
>
> I'm developing a mobile app with a JavaScript framework: are attacks
> possible too?
> --
> View this message in context: 
> http://old.nabble.com/how-to-perform-join--tp33280818p33284030.html
> Sent from the SQLite mailing list archive at Nabble.com.
>
> _______________________________________________
> sqlite-users mailing list
> [email protected]
> http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
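
An added example, not part of the original thread: the numeric check suggested above, run against an in-memory SQLite database in Python and combined with bound parameters (a technique this example adds to the advice in the thread). The schema, sample rows and function names are hypothetical.

```python
import re
import sqlite3

def make_db():
    """Constructed sample data; table and column names are hypothetical."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users(id INTEGER PRIMARY KEY, name TEXT);
        CREATE TABLE memberships(user_id INTEGER, group_id INTEGER);
        INSERT INTO users VALUES (1,'alice'),(2,'bob'),(3,'carol');
        INSERT INTO memberships VALUES (1,10),(2,10),(3,20);
    """)
    return db

JOIN = ("SELECT u.name FROM users u JOIN memberships m ON m.user_id = u.id "
        "WHERE u.id = {id} AND m.group_id = {gid} ORDER BY u.name")

def lookup_embedded(db, user_id, group_id):
    """The pattern the thread warns about: values pasted into the SQL string."""
    sql = JOIN.format(id=user_id, gid=group_id)
    return [row[0] for row in db.execute(sql)]

# ASCII digits only; 18 digits always fits SQLite's signed 64-bit INTEGER.
_DIGITS = re.compile(r"[0-9]{1,18}")

def require_numeric(value):
    """Reject anything that is not a plain decimal number (no spaces, signs, newlines)."""
    text = str(value)
    if not _DIGITS.fullmatch(text):
        raise ValueError("not a numeric id: %r" % text)
    return int(text)

def lookup_checked(db, user_id, group_id):
    """Numeric check first, then bound parameters so input is never parsed as SQL."""
    uid, gid = require_numeric(user_id), require_numeric(group_id)
    sql = JOIN.format(id="?", gid="?")
    return [row[0] for row in db.execute(sql, (uid, gid))]

if __name__ == "__main__":
    db = make_db()
    crafted = "10 OR 1=1"  # constructed non-numeric value that changes the WHERE clause
    print(lookup_embedded(db, "3", crafted))  # every user comes back
    try:
        lookup_checked(db, "3", crafted)
    except ValueError as err:
        print("rejected:", err)  # query is never executed; show the user an error
```
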