Darrel
I'm learning a bit about the SQL injection issues and want to write a shared
class that I can call from anywhere in my project to 'sanitize' any incoming
text from textfields before sending to the DB.
Is it enough to simply escape single quotes as two single quotes? I.e.,
replace ' with ''? Or should I also be checking for things like brackets,
parentheses and SQL command words (INSERT, UPDATE, DELETE, etc.)?
And...maybe a dumb question, but why doesn't SQL check for these things
automatically?
-Darrel
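An added example, not part of Darrel's post, putting the quote-doubling sanitizer he describes next to a parameterized query. Python with its bundled sqlite3 module is an assumed choice (the post names no language or database), and the `customers` table and its three rows are constructed sample data. The escaped version only does something useful when the value lands inside a quoted string literal; the parameterized version hands the value to the database as data, so a name containing a quote, or a keyword such as DELETE, is simply compared as text, and a numeric column needs no quote handling at all.

```python
import sqlite3


def escape_single_quotes(text: str) -> str:
    """The 'sanitizer' from the post: double every single quote."""
    return text.replace("'", "''")


def make_db() -> sqlite3.Connection:
    """In-memory database with a constructed sample table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany(
        "INSERT INTO customers (name) VALUES (?)",
        [("Alice",), ("O'Brien",), ("Bob",)],
    )
    conn.commit()
    return conn


def find_by_name_escaped(conn: sqlite3.Connection, name: str) -> list:
    """String concatenation guarded only by quote doubling.
    Works for a value inside a quoted literal, and nowhere else."""
    sql = "SELECT name FROM customers WHERE name = '" + escape_single_quotes(name) + "'"
    return [row[0] for row in conn.execute(sql)]


def find_by_name_param(conn: sqlite3.Connection, name: str) -> list:
    """Parameterized query: the driver sends the value as data, so quotes,
    brackets and SQL keywords in the input are never parsed as SQL."""
    rows = conn.execute("SELECT name FROM customers WHERE name = ?", (name,))
    return [row[0] for row in rows]


def find_by_id_param(conn: sqlite3.Connection, id_text: str) -> list:
    """Numeric column: there is no quote to escape, but a parameter still
    keeps the textfield value out of the SQL text."""
    rows = conn.execute("SELECT name FROM customers WHERE id = ?", (id_text,))
    return [row[0] for row in rows]


def count_rows(conn: sqlite3.Connection) -> int:
    return conn.execute("SELECT COUNT(*) FROM customers").fetchone()[0]


if __name__ == "__main__":
    db = make_db()
    print(find_by_name_escaped(db, "O'Brien"))          # ["O'Brien"]
    print(find_by_name_param(db, "O'Brien"))            # ["O'Brien"]
    print(find_by_name_param(db, "DELETE FROM customers"))  # []
    print(find_by_id_param(db, "2"))                    # ["O'Brien"]
    print(count_rows(db))                               # 3
```

The keyword question from the post falls out of this: with a parameter, "DELETE FROM customers" is just a name nobody has, the table is untouched, and a real customer named O'Brien can still be found, so there is no blacklist of words to maintain.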