Sanitize user input: Difference between revisions
(→{{header|Wren}}: Restricted name length to 20 characters and added another example.)

* [[Parametrized SQL statement]]

=={{header|Phix}}==

As noted, there is no magic "one size fits all" solution, and in the specific case of SQL the use of sqlite3_prepare() and sqlite3_bind_text() is strongly recommended in preference to sqlite3_exec() or sqlite3_get_table(), at least for any questionable input.

The inverse problem recently arose in p2js, whereby otherwise perfectly valid code on desktop/Phix could and would generate invalid HTML/JavaScript if and when we tried to self-host (an effort which is still very much in progress, albeit not apace, btw):

<lang Phix>
with javascript_semantics
string header = """
<!DOCTYPE html>
<html lang="en" >
<head>
<title>%%s</title>%s
</head>
<body>
<scr!ipt src="p2js.js"></scr!ipt>%%s%s
"""
-- ...
-- "scr!ipt" keeps a literal </script> out of the source text: once p2js emits
-- this code inside an HTML page, the HTML parser would otherwise end the
-- enclosing script element at that point, string constant or not.
header = substitute(header,"scr!ipt","script")
puts(1,header) -- (make the example runnable)
</lang>

In other words, I had to "sanitize" a constant in the source code, in this particular case, and I could have gone further and done something similar with all the other tags.
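A JavaScript counterpart to the same hazard, added here as an example and not part of the Phix entry or of p2js: it detects text that would terminate an inline script element and escapes a value into a JS string literal that is safe to emit inside one. The template string and the function names are constructed for this example.

```javascript
// An HTML parser ends a <script> element at the first "</script" it meets,
// whether or not that text sits inside a JavaScript string literal. Anything
// emitted into an inline script therefore must never contain that sequence.

// Sequences the HTML spec's "restrictions for contents of script elements"
// treat as unsafe inside script data (matched case-insensitively).
const SCRIPT_BREAKERS = /<\/script|<!--|<script/i;

// True if embedding `text` verbatim inside <script>...</script> could
// terminate or confuse the script element.
function breaksInlineScript(text) {
  return SCRIPT_BREAKERS.test(text);
}

// Build a JavaScript string literal for `value` that can be placed inside an
// inline <script>. JSON.stringify yields a valid JS literal; the extra pass
// hex-escapes the characters the HTML parser cares about, plus the two line
// terminators that JSON permits but JS string literals historically rejected.
function toInlineScriptLiteral(value) {
  return JSON.stringify(value).replace(/[<>&\u2028\u2029]/g, (ch) =>
    "\\u" + ch.charCodeAt(0).toString(16).padStart(4, "0"));
}

// Constructed sample: the same kind of page template as the Phix example,
// written the "natural" way, i.e. with an intact closing tag.
const naiveHeader = `<!DOCTYPE html>
<html lang="en">
<head><title>%s</title></head>
<body>
<script src="p2js.js"></script>
`;

// The raw template breaks an inline script, its escaped literal does not,
// and the literal still evaluates back to the original text.
function demo() {
  const literal = toInlineScriptLiteral(naiveHeader);
  return {
    naiveBreaks: breaksInlineScript(naiveHeader),     // true
    literalBreaks: breaksInlineScript(literal),       // false
    roundTrips: JSON.parse(literal) === naiveHeader,  // true
  };
}
```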
=={{header|Raku}}== |