Hosting Provided By

Re: [GENERAL] stripping HTML, SQL injections ...

From: A.M. <agentm(at)themactionfaction.com>
Date: Wed Nov 14 2007 - 17:51:17 EST

On Nov 14, 2007, at 4:23 PM, Scott Marlowe wrote:

> On Nov 14, 2007 2:40 PM, madhtr <madhtr@schif.org> wrote:
>> Quick question, are there any native functions in PostGreSQL 8.1.4
>> that will
>> strip HTML tags, escape chars, etc?
>
> I can't think of a lot of native functions, but it's sure easy enough
> to roll your own with things like the regex functionality built in.

Please don't do that- there are corner cases where a naive regex can fail, leaving the programmer thinking he is covered when he is not. The variety of web languages include filtering modules (HTML::Scrubber)- in the case of Perl or PHP, it can even be run server-side.

Furthermore, one shouldn't use an API which allows for SQL injections.

Cheers,
M

---------------------------(end of broadcast)---------------------------

TIP 5: don't forget to increase your free space map settings Received on Wed Nov 14 17:53:04 2007

This message: [ Message body ]
Next message: Scott Marlowe: "Re: [GENERAL] stripping HTML, SQL injections ..."
Previous message: dycharles: "[GENERAL] Qeury a boolean column?(using postgresql & EJB)"
In reply to: Scott Marlowe: "Re: [GENERAL] stripping HTML, SQL injections ..."
Next in thread: Scott Marlowe: "Re: [GENERAL] stripping HTML, SQL injections ..."
Reply: Scott Marlowe: "Re: [GENERAL] stripping HTML, SQL injections ..."
Reply: Kevin Hunter: "Re: [GENERAL] stripping HTML, SQL injections ..."

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Mon Jun 16 2008 - 19:52:47 EDT