Re: rules to escape special chars and avoid SQL Injection -- JAVA400-L

× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.

Subject: Re: rules to escape special chars and avoid SQL Injection
From: John Arevalo <johnarevalo@xxxxxxxxx>
Date: Wed, 23 Mar 2011 17:39:31 -0500
List-archive: <http://archive.midrange.com/java400-l>
List-help: <mailto:java400-l-request@midrange.com?subject=help>
List-id: Java Programming on and around the IBM i <java400-l.midrange.com>
List-post: <mailto:java400-l@midrange.com>
List-subscribe: <http://lists.midrange.com/mailman/listinfo/java400-l>, <mailto:java400-l-request@midrange.com?subject=subscribe>
List-unsubscribe: <http://lists.midrange.com/mailman/listinfo/java400-l>, <mailto:java400-l-request@midrange.com?subject=unsubscribe>

Thanks for all your replies.

i've posted a issue for Doctrine DBAL, in order to support iSeries
DB[1]. because this is part of generic API which builds SQL
dinamically, prepare statements not applied. it's necesary escape the
value of each variable.

i don't need ready-to-run PHP code, just pseudocode of escaping
method, or which are all the special SQL characters for iSeries should
i consider.

Thanks again.

[1] http://www.doctrine-project.org/jira/browse/DBAL-103

As an Amazon Associate we earn from qualifying purchases.

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.