Sanitize user input: Difference between revisions

Instead, either <u>validate</u> input to make sure it follows a certain format, <u>whitelist</u> input so that only a known few values or commands are permitted, or, if neither of those is possible, <u>use the quoting tools</u> the 3rd party system itself provides to make arbitrary input "safe" to run. Which one of these applies depends on the system you need to interact with; what never works reliably is hand-rolled escaping written from the calling side.
 
For the case given (Bobby Tables), where you are presumably putting names into some 3rd party data storage (nominally a database of some kind), you would use bound parameters so that the database driver itself treats any user input as data rather than as part of the statement. See [[Parametrized_SQL_statement#Raku|the Raku entry under the Parametrized SQL statement task]].
 
Validating is making sure the input matches some predetermined format, usually with some sort of regular expression. For names, you probably want to allow a fixed maximum (and minimum!) number of: any word or digit character, space and period characters, and possibly some small selection of non-word characters. It is a careful balance between too restrictive and too permissive. You need to avoid falling into pre-conceived assumptions about:
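The two techniques above, validation of a name against a bounded format and a bound-parameter insert, worked through together as an added example. This is not code from the Raku entry itself; it assumes the DBIish module with its SQLite driver is installed (<code>zef install DBIish</code>), and the name policy (2 to 64 characters drawn from letters, digits, space, period, apostrophe and hyphen) is a constructed one chosen for illustration, not a recommendation for every application.

```raku
use DBIish;

#| Constructed name policy for this example: letters or digits (Unicode-aware,
#| since Raku's <alnum> is), plus space, period, apostrophe and hyphen,
#| with both a minimum and a maximum length. Anything else is rejected.
my regex name-char { <+alnum+[ \x20 \. \' \- ]> }
my regex valid-name { ^ <name-char> ** 2..64 $ }

#| Validation step: trim, then accept only if the whole string fits the policy.
sub valid-name(Str $raw --> Bool) {
    so $raw.trim ~~ &valid-name;
}

# Bound-parameter step: an in-memory SQLite database is enough to show that the
# driver passes the value as data, never as SQL text.
my $dbh = DBIish.connect('SQLite', :database<:memory:>);
$dbh.execute('CREATE TABLE students (name TEXT NOT NULL)');

#| Insert a name using a placeholder; DBIish binds $name at execute time.
sub insert-student(Str $name) {
    my $sth = $dbh.prepare('INSERT INTO students (name) VALUES (?)');
    $sth.execute($name);
    $sth.finish;
}

#| Return all stored names, for checking what actually landed in the table.
sub stored-names() {
    $dbh.execute('SELECT name FROM students ORDER BY rowid').allrows.map(*[0]).list;
}

# Constructed sample inputs: two ordinary names and the classic Bobby Tables payload.
my @inputs = "Anne-Marie O'Neil", 'Zoë Q. Smith', "Robert'); DROP TABLE students;--";

for @inputs -> $input {
    say "{$input.raku}: ", valid-name($input) ?? 'accepted' !! 'rejected';
}

# Even when validation is not possible (free-form fields), bound parameters keep
# the payload inert: it is stored as a literal string and the table survives.
insert-student($_) for @inputs;
say 'rows now in students: ', stored-names().raku;
say 'table still exists: ',
    so $dbh.execute(q{SELECT 1 FROM sqlite_master WHERE type='table' AND name='students'}).allrows;

$dbh.dispose;
```

The validator rejects the injection string because of the parentheses and semicolon, not because it recognises SQL; the point of a positive format check is that you only have to describe what a name looks like, not enumerate every dangerous construct. The bound-parameter insert is the layer that actually prevents the injection, which is why the example runs it on the rejected input too: validation narrows what you accept, parameterisation guarantees that whatever you accept cannot change the statement.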