Although #10 should make users much more aware of SQL injections, here's another idea to help users prevent bad practice.
The most likely route for unsafe data to enter a database command is via the query arg of e.g. select or delete. We could parse this argument and check that it only consists of simple names, logical operators ("AND" and "OR") and question marks, and perhaps some other syntax that I'm overlooking now.
We could then show a warning or even raise an exception (when a certain flag is set?) when things look unsafe.
This is just an idea for now.
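A sketch of that check as an added example, not code from this project: it tokenizes the query argument and accepts only simple names, AND/OR, and `?` placeholders, plus comparison operators and parentheses as my assumption of the "other syntax" a WHERE-style argument needs. Quotes, digits, semicolons and comment markers are rejected, since values are supposed to arrive through the placeholders, and the `strict` flag switches from a warning to an exception.

```python
import re
import warnings

# Allowed tokens. Names, AND/OR and '?' come from the issue; comparison
# operators and parentheses are an assumption about the "other syntax".
# Anything else (quotes, digits, ';', '--', '/*') does not match and is flagged.
_TOKEN_RE = re.compile(r"""
      (?P<ws>\s+)
    | (?P<name>[A-Za-z_][A-Za-z0-9_]*)
    | (?P<op>=|<>|!=|<=|>=|<|>)
    | (?P<param>\?)
    | (?P<paren>[()])
""", re.VERBOSE)

# Statement-level keywords that never belong in a WHERE-style query argument.
_FORBIDDEN = {"SELECT", "UNION", "DROP", "DELETE", "INSERT", "UPDATE", "EXEC"}


class UnsafeQueryError(ValueError):
    """Raised in strict mode when the query argument looks like it carries data."""


def check_query(query: str, strict: bool = False) -> list:
    """Return a list of findings for `query`; an empty list means it looks safe."""
    findings = []
    pos, depth = 0, 0
    while pos < len(query):
        m = _TOKEN_RE.match(query, pos)
        if m is None:
            findings.append(f"unexpected character {query[pos]!r} at offset {pos}")
            break
        pos = m.end()
        if m.group("name") and m.group("name").upper() in _FORBIDDEN:
            findings.append(f"statement keyword {m.group('name')!r} inside query")
        elif m.group("paren"):
            depth += 1 if m.group("paren") == "(" else -1
            if depth < 0:
                findings.append(f"unbalanced ')' at offset {m.start()}")
                break
    if depth > 0:
        findings.append("unclosed '('")
    if findings:
        if strict:
            raise UnsafeQueryError("; ".join(findings))
        warnings.warn("query argument looks unsafe: " + "; ".join(findings))
    return findings
```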