
From: Rainer Deyke (rdeyke_at_[hidden])
Date: 2021-07-23 19:32:28


On 23.07.21 16:45, Phil Endecott via Boost wrote:
> What I'm trying to do is to sanitise the input to an internet-
> exposed process, to reject malicious input'); drop table users;
> As an example I'll look at input that is supposed to be base-64
> encoded and no more than a couple of kilobytes long.
I'm going off on a tangent here, but I hope you're not actually trying
to prevent SQL injection attacks by validating inputs with regular
expressions. That would be a brittle and unnecessarily complex approach
which would almost certainly either reject valid input or fail to reject
all attacks or both. The only correct way to prevent SQL injection
attacks is to always use parametrized statements.

-- 
Rainer Deyke (rainerd_at_[hidden])
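The contrast Rainer draws, as an added example that is not part of the original thread or of any Boost code: a lookup built by string formatting versus the same lookup with a parameterized statement, run against an in-memory SQLite table with constructed sample rows, plus a strict base64 decode with a length cap along the lines of Phil's stated use case. The table layout, the 2048-byte cap and the hypothetical function names are assumptions for the demonstration.

```python
import base64
import binascii
import sqlite3

# Assumed cap for "no more than a couple of kilobytes" of base-64 input.
MAX_INPUT_BYTES = 2048


def make_db() -> sqlite3.Connection:
    """Build an in-memory table with constructed sample rows (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL, secret TEXT NOT NULL)"
    )
    conn.executemany(
        "INSERT INTO users (name, secret) VALUES (?, ?)",
        [("alice", "s3cr3t-a"), ("bob", "s3cr3t-b")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    """Deliberately injectable: the input is spliced into the SQL text, so a
    quote character in it ends the string literal and the rest is parsed as SQL."""
    sql = f"SELECT name FROM users WHERE name = '{name}'"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn: sqlite3.Connection, name: str) -> list:
    """Safe form: the SQL text is constant and the value is bound separately,
    so the database never interprets the input as SQL, whatever it contains."""
    return [row[0] for row in conn.execute("SELECT name FROM users WHERE name = ?", (name,))]


def decode_bounded_base64(data: bytes) -> bytes:
    """Structural validation of base-64 input: reject oversized input before
    decoding, and reject anything outside the base-64 alphabet or badly padded.
    This validates the format; it is not what protects the SQL query."""
    if len(data) > MAX_INPUT_BYTES:
        raise ValueError("input too long")
    try:
        # validate=True refuses non-alphabet bytes (including whitespace)
        # instead of silently discarding them.
        return base64.b64decode(data, validate=True)
    except binascii.Error as exc:
        raise ValueError("not valid base64") from exc


if __name__ == "__main__":
    db = make_db()
    payload = "' OR '1'='1"  # constructed injection string: closes the literal, adds a tautology
    print("vulnerable:    ", lookup_vulnerable(db, payload))     # every row comes back
    print("parameterized: ", lookup_parameterized(db, payload))  # no such user: []
    print(decode_bounded_base64(b"aGVsbG8="))
```

The injected value is a tautology rather than a second statement because the sqlite3 module only executes one statement per call; the point stands either way, since the formatted query already hands the attacker control of the WHERE clause. The base-64 decode is a separate layer: it bounds size and syntax of the payload, but only the bound parameter keeps the query text out of the attacker's hands.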

Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk