> I'm thinking this should suffice where the "positive match" is A-z plus 0-9,
> comma, period and exclamation mark... if allowed should suffice, but then I
> may need to deal with SQL injection (PostgreSQL) also. If there is no ";"
> then nothing can happen. But I know it is more complicated than that.

According to the revIgniter docs when using the placeholder SQL syntax the db external escapes the variable/array element for you and therefore protects you from SQL injection. I can't find that in the rev docs but I imagine Ralf has investigated.

Cheers

--
Monte Goulding
M E R Goulding Software Development
Bespoke application development for vertical markets

InstallGadget - How to create an installer in 10 seconds
revObjective - Making behavior scripts behave
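An added example, not part of the original message and not revIgniter or Revolution code: it compares the allowlist and placeholder approaches discussed in this thread. Python's built-in `sqlite3` stands in for PostgreSQL and the db external; the table, function names and sample inputs are constructed for illustration.

```python
import re
import sqlite3

# Allowlist from the thread: letters, digits, comma, period, exclamation mark.
# Space is also allowed here (assumption) so ordinary sentences pass.
ALLOWED = re.compile(r"[A-Za-z0-9,.! ]*")
# Pitfall: written as a regex range, A-z also covers the six ASCII
# characters between Z and a:  [ \ ] ^ _ `
TOO_WIDE = re.compile(r"[A-z0-9,.! ]*")


def passes_allowlist(text, pattern=ALLOWED):
    """True only if every character of text is in the allowlist."""
    return pattern.fullmatch(text) is not None


def make_db():
    """In-memory database with two constructed rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE notes (owner TEXT, body TEXT)")
    db.executemany(
        "INSERT INTO notes VALUES (?, ?)",
        [("alice", "hello, world!"), ("bob", "private note")],
    )
    return db


def find_concat(db, owner):
    # String-built query: the input becomes part of the SQL text.
    sql = "SELECT body FROM notes WHERE owner = '" + owner + "'"
    return db.execute(sql).fetchall()


def find_bound(db, owner):
    # Placeholder query: the input is bound as data and never parsed as SQL.
    return db.execute("SELECT body FROM notes WHERE owner = ?", (owner,)).fetchall()


# Constructed input that contains no ";" at all.
NO_SEMICOLON = "x' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("concatenated:", find_concat(db, NO_SEMICOLON))  # every row comes back
    print("bound:       ", find_bound(db, NO_SEMICOLON))   # no rows match
    print("allowlist rejects it:", not passes_allowlist(NO_SEMICOLON))
    print("allowlist also rejects O'Brien:", not passes_allowlist("O'Brien"))
    print("A-z range lets a_b through:", passes_allowlist("a_b", TOO_WIDE))
```

The allowlist rejects the constructed input, but it also rejects legitimate values such as `O'Brien`; the bound query handles both without any character filtering.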
