[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Prevent SQL Injection in DBI
From: |
Jakub Jankiewicz |
Subject: |
Prevent SQL Injection in DBI |
Date: |
Sun, 26 Mar 2017 18:54:27 +0200 |
Hi all,
I want to use guile-dbi with unsafe user input. I have code like this:
(dbi-query db-obj (string-append "SELECT * FROM users WHERE username = '"
username
"'"))
How can I escape username given from user to prevent sql injection?
I could validate username to only contain letters using [a-zA-Z] regex but
what about other languages that have non Latin letters and names like O'Conor?
This will also don't work for password that may have special characters.
--
Jakub Jankiewicz, Web Developer
http://jcubic.pl
- Prevent SQL Injection in DBI,
Jakub Jankiewicz <=