Boost :

From: Rainer Deyke (rdeyke_at_[hidden])
Date: 2021-07-23 19:32:28

• Next message: Ivan Matek: "I would like to add boost::algorithm::is_clamped, how to proceed?"
• Previous message: John Maddock: "Re: Regexp performance guarantees"
• In reply to: Phil Endecott: "Re: Regexp performance guarantees"

On 23.07.21 16:45, Phil Endecott via Boost wrote:
> What I'm trying to do is to sanitise the input to an internet-
> exposed process, to reject malicious input'); drop table users;
> As an example I'll look at input that is supposed to be base-64
> encoded and no more than a couple of kilobytes long.
I'm going off on a tangent here, but I hope you're not actually trying
to prevent SQL injection attacks by validating inputs with regular
expressions. That would be a brittle and unnecessarily complex approach
which would almost certainly either reject valid input or fail to reject
all attacks or both. The only correct way to prevent SQL injection
attacks is to always use parametrized statements.

-- 
Rainer Deyke (rainerd_at_[hidden])

• Next message: Ivan Matek: "I would like to add boost::algorithm::is_clamped, how to proceed?"
• Previous message: John Maddock: "Re: Regexp performance guarantees"
• In reply to: Phil Endecott: "Re: Regexp performance guarantees"

Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk