Marc Saric wrote:

Although this is only for intranet use, I would like to add a Validator
which prevents SQL injection on DB queries.

Has anyone tried to write one, or does anyone have advice on where to look
or how to tackle this problem?

Hello, I'm the author of FormKit.

We've never done this specifically, but I expect that it's just a matter of inspecting a string and looking for nasty bits. Do some googling to see what the standards are for that.

In any case, converting a string is easy to do in a validator. Look in some of the examples to see how a validator works. Maybe look at FormKit.Validators.Year as a starter.

You can put whatever code you like into the _validate method, or if it's a matter of converting the string into something else (escaping it, say) you can use _convert.

Good luck.



_______________________________________________
Webware-discuss mailing list
https://lists.sourceforge.net/lists/listinfo/webware-discuss
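
An added example, not part of the original thread and not FormKit's own API: a stand-alone validator that mirrors the `_validate`/`_convert` split mentioned in the reply and checks the field's shape against an allowlist, paired with a query that binds the value as a parameter so the database never parses it as SQL. The class and function names, the `users` table and its rows are assumptions constructed for illustration, using Python's standard `sqlite3` module.

```python
import re
import sqlite3


class ValidationError(ValueError):
    """Raised when a form value fails validation (hypothetical name)."""


class UsernameValidator:
    """Hypothetical validator; mirrors the _validate/_convert split, not FormKit's API."""
    _pattern = re.compile(r"[A-Za-z0-9_.-]{1,32}")

    def _convert(self, value):
        # Normalise only; no SQL escaping is attempted here.
        return value.strip()

    def _validate(self, value):
        # Allowlist the expected shape instead of hunting for bad substrings.
        if not self._pattern.fullmatch(value):
            raise ValidationError("username must be 1-32 of A-Z a-z 0-9 _ . -")

    def process(self, raw):
        value = self._convert(raw)
        self._validate(value)
        return value


def make_db():
    """Constructed sample data in an in-memory SQLite database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, email TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "alice@example.test"), ("bob", "bob@example.test")])
    return db


def find_user(db, name):
    # The value is bound as a parameter, so it is compared as data and never
    # parsed as SQL, whatever characters it contains.
    return db.execute("SELECT name, email FROM users WHERE name = ?",
                      (name,)).fetchall()


def lookup_from_form(db, raw):
    """Validate the form field for shape, then query with a bound parameter."""
    return find_user(db, UsernameValidator().process(raw))
```

The validator gives the user an early, readable error; the bound parameter in `find_user` is what keeps the query safe even if a caller skips validation.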
