[thelist] Need help with a simple regex (Monday annoyance)

Matt Warden mwarden at gmail.com
Mon Apr 4 22:04:10 CDT 2005


Jonathan,

On Apr 4, 2005 7:42 PM, Jonathan Dillon <jdillon at boehm-ritter.com> wrote:
> I have a field in an application that has a single text input that can
> search multiple datatypes with the use of a pulldown.  Easy to hook it up,
> but now I want to make sure that SQL injection attacks are completely not
> possible.

I think we showed in an earlier thread that you can basically guard
against this by escaping single quotes. There was some discussion also
about encoding attacks, but it seemed to be largely theoretical, as we
could not get an example of the attack to work.

So, I guess my question is: are you just trying to guard against SQL
injection attacks? You don't need to match as strictly as you are
trying to, for that.

But, if you are trying to match the expected input for reasons in
addition to guarding against SQL injection, then my second point is
that it does not necessarily have to be one regular expression.
Obviously this is probably the most efficient solution, but probably
also the least readable solution.

http://www.google.com/search?q=email+%7Eregex

http://www.google.com/search?q=%7Eurl+%7Eregex

-- 
Matt Warden
Miami University
Oxford, OH, USA
http://mattwarden.com


This email proudly and graciously contributes to entropy.
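An added example, not part of the original message or thread, of the second point above: one small pattern per pulldown datatype instead of a single combined regex. It passes the value as a bound parameter (a swapped-in technique, in place of the quote escaping mentioned in the message); the datatype names, patterns, table and column names are all assumptions.

```python
import re
import sqlite3

# Hypothetical pulldown values mapped to (column, pattern); all names assumed.
VALIDATORS = {
    "zip":   ("zip",   re.compile(r"\d{5}(?:-\d{4})?")),
    "phone": ("phone", re.compile(r"\d{3}-\d{3}-\d{4}")),
    "name":  ("name",  re.compile(r"[A-Za-z][A-Za-z' -]{0,49}")),
}

def validate(datatype, value):
    """Return (column, cleaned value) or raise ValueError."""
    if datatype not in VALIDATORS:
        raise ValueError("unknown datatype")
    column, pattern = VALIDATORS[datatype]
    value = value.strip()
    # fullmatch: the whole value must fit, not just a prefix of it
    if not pattern.fullmatch(value):
        raise ValueError(f"not a valid {datatype}")
    return column, value

def search(conn, datatype, value):
    column, value = validate(datatype, value)
    # The column name comes from the allow-list above, never from the request;
    # the value travels as a bound parameter, so quotes in it stay data.
    sql = f"SELECT name FROM contacts WHERE {column} = ?"
    return [row[0] for row in conn.execute(sql, (value,))]

def demo_db():
    """Constructed sample data for the example."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE contacts (name TEXT, zip TEXT, phone TEXT)")
    conn.executemany("INSERT INTO contacts VALUES (?, ?, ?)", [
        ("O'Brien", "45056", "513-555-0100"),
        ("Smith", "45056-1234", "513-555-0101"),
    ])
    return conn

if __name__ == "__main__":
    conn = demo_db()
    print(search(conn, "name", "O'Brien"))
    print(search(conn, "zip", "45056-1234"))
```

The name pattern has to allow an apostrophe for values like O'Brien, so format matching alone does not keep quotes out of that field; the bound parameter is what keeps the value from being parsed as SQL.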

