Prevent SQL Injection in DBI

guile-user

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Prevent SQL Injection in DBI

From:	Jakub Jankiewicz
Subject:	Prevent SQL Injection in DBI
Date:	Sun, 26 Mar 2017 18:54:27 +0200

Hi all,

I want to use guile-dbi with unsafe user input. I have code like this:

(dbi-query db-obj (string-append "SELECT * FROM users WHERE username = '"
                                 username
                                 "'"))

How can I escape username given from user to prevent sql injection?

I could validate username to only contain letters using [a-zA-Z] regex but
what about other languages that have non Latin letters and names like O'Conor?
This will also don't work for password that may have special characters.

--
Jakub Jankiewicz, Web Developer
http://jcubic.pl

[Prev in Thread]

Current Thread

[Next in Thread]

Prevent SQL Injection in DBI, Jakub Jankiewicz <=
- Re: Prevent SQL Injection in DBI, Christopher Allan Webber, 2017/03/27

Prev by Date: Re: Let’s update the web site’s library page!
Next by Date: Re: Prevent SQL Injection in DBI
Previous by thread: Re: Let?s update the web site?s library page!
Next by thread: Re: Prevent SQL Injection in DBI
Index(es):
- Date
- Thread