Re: Do we consider input validation when designing?
Posted by: Rick James
Date: August 27, 2010 10:36PM

Input validation MUST come BEFORE touching the database. Else a hacker could mangle your statements and do naughty things.

OTOH, once you have validated that the input is a string of letters, you could do a SELECT to see if that string is in a table of valid words.

Or, after checking that the input looks like a phone number (suitable digits, dashes, etc. and NO other characters), then you could do a SELECT to see if it is a valid phone number.

SELECT COUNT(*) FROM tbl WHERE foo = '....';
Then see if you get back 0 (absent) or 1 (present in the table). Depending on the situation, you could get back more than 1.
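An added example (not from the post): the validate-then-SELECT flow above in Python, with an in-memory SQLite table standing in for the MySQL table. The table and column names (valid_words, phones) and the exact allowlist patterns are assumptions; the COUNT(*) lookup binds the value as a query parameter so the checked string is never spliced into the statement.

```python
import re
import sqlite3

# Allowlist checks, as the post describes: a word is letters only; a phone
# number is digits plus dashes, dots, spaces and parentheses, nothing else.
# (Patterns are assumptions for this example, not the post's own.)
WORD_RE = re.compile(r"[A-Za-z]+")
PHONE_RE = re.compile(r"[0-9][0-9\-. ()]{6,19}")

# Hypothetical table/column names; one fixed statement per input kind.
LOOKUPS = {
    "word": (WORD_RE, "SELECT COUNT(*) FROM valid_words WHERE word = ?"),
    "phone": (PHONE_RE, "SELECT COUNT(*) FROM phones WHERE number = ?"),
}


def lookup(conn, kind, value):
    """Return None if the input fails validation (database never touched),
    otherwise the COUNT(*) from the post: 0 absent, 1 present, >1 possible."""
    pattern, sql = LOOKUPS[kind]
    if pattern.fullmatch(value) is None:
        return None
    return conn.execute(sql, (value,)).fetchone()[0]


def build_demo_db():
    """Constructed sample data standing in for the real tables."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE valid_words (word TEXT)")
    conn.execute("CREATE TABLE phones (number TEXT)")
    conn.executemany("INSERT INTO valid_words VALUES (?)", [("apple",), ("banana",)])
    # duplicate row shows the "more than 1" case the post mentions
    conn.executemany("INSERT INTO phones VALUES (?)",
                     [("555-0100",), ("555-0100",), ("555-0199",)])
    return conn


if __name__ == "__main__":
    db = build_demo_db()
    for kind, value in [("word", "apple"), ("word", "cherry"),
                        ("word", "apple' --"), ("phone", "555-0100"),
                        ("phone", "555-0100 OR x")]:
        print(kind, repr(value), "->", lookup(db, kind, value))
```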
