RE: Lazy sanitizing of data for SQL queries

This may be an obvious one.... but, unless the db itself knew to unpact it internally, you'd lose all the benefits of being in a database...

Sorting would be funky, queries with any kind of string handling in them wouldn't work....

Seems a little like cutting of your nose... -gabe

-----Original Message-----
From: Sverre H. Huseby [mailto:shh@thathost.com] Sent: Friday, January 24, 2003 12:31 PM
To: HarryM
Cc: webappsec@securityfocus.com
Subject: Re: Lazy sanitizing of data for SQL queries

[HarryM]

| Perhaps a good way of lazily sanitising data to be inserted into

Yes. What would you do for columns that were not textual?

Sverre.

-- 
shh@thathost.com		Computer Geek?  Try my Nerd Quiz
http://shh.thathost.com/	
http://nerdquiz.thathost.com/

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek