Prevent SQL Injection in DBI

From: Jakub Jankiewicz
Subject: Prevent SQL Injection in DBI
Date: Sun, 26 Mar 2017 18:54:27 +0200

Hi all,

I want to use guile-dbi with unsafe user input. I have code like this:

(dbi-query db-obj (string-append "SELECT * FROM users WHERE username = '" username "'"))

How can I escape the username given by the user to prevent SQL injection?

I could validate the username to only contain letters using a [a-zA-Z] regex, but
what about other languages that have non-Latin letters and names like O'Conor?
This also won't work for passwords that may have special characters.

Jakub Jankiewicz, Web Developer
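
One way to quote the value before it is concatenated, shown as an added example that is not part of the original message or of guile-dbi. It assumes dbi-query has to be given the finished SQL text as a single string; the names double-char, sql-string-literal, users-by-name-sql and find-user are hypothetical. Hand escaping is only correct when it matches the server's quoting rules, hence the backslash switch.

```scheme
;; Added example: turn user input into an SQL string literal before it
;; is concatenated into the text handed to dbi-query.
(use-modules (dbi dbi))

;; Double every occurrence of character CH in STR.
(define (double-char str ch)
  (string-join (string-split str ch) (string ch ch)))

;; Return STR as a complete SQL string literal, quotes included.
;; Pass #:backslash-escapes? #t when the server treats backslash as an
;; escape character inside literals (MySQL without NO_BACKSLASH_ESCAPES).
;; Leave it #f for SQLite and for PostgreSQL with
;; standard_conforming_strings on.
(define* (sql-string-literal str #:key (backslash-escapes? #f))
  (unless (string? str)
    (error "sql-string-literal: not a string" str))
  ;; A NUL character can cut the statement short in C client libraries.
  (when (string-index str #\nul)
    (error "sql-string-literal: NUL character in input"))
  (let* ((s (if backslash-escapes? (double-char str #\\) str))
         (s (double-char s #\')))
    (string-append "'" s "'")))

;; The query from the message, built with the quoted literal.
;; The surrounding quotes now come from sql-string-literal.
(define (users-by-name-sql username)
  (string-append "SELECT * FROM users WHERE username = "
                 (sql-string-literal username)))

;; Run the query on an open guile-dbi handle and return the first row
;; (an association list) or #f when nothing matched.
(define (find-user db-obj username)
  (dbi-query db-obj (users-by-name-sql username))
  (dbi-get_row db-obj))

;; Constructed sample inputs; only the generated SQL is printed,
;; no database is opened here.
(for-each
 (lambda (name)
   (display (users-by-name-sql name))
   (newline))
 '("O'Conor" "Łukasz" "pa'ss\\word"))
```

Letters outside [a-zA-Z] pass through unchanged; only the quote character (and, when requested, the backslash) is doubled, so names like O'Conor and passwords with special characters stay usable.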
