WebApp Sec mailing list archives

Re: Lazy sanitizing of data for SQL queries


From: "Sverre H. Huseby" <shh () thathost com>
Date: Fri, 24 Jan 2003 21:31:03 +0100

[HarryM]

|   Perhaps a good way of lazily sanitising data to be inserted into
|   an SQL query would be to Base64 encode it?  [...] Can anyone see a
|   problem with this idea?

Yes.  What would you do for columns that were not textual?


Sverre.

-- 
shh () thathost com             Computer Geek?  Try my Nerd Quiz
http://shh.thathost.com/        http://nerdquiz.thathost.com/
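
Added example (not part of the original post): the objection above, run with Python's sqlite3 on a numeric quantity column, comparing the quoted Base64 proposal with typed bound parameters. The table, column and helper names and the sample quantities are constructed for illustration, and the bound-parameter version is an added comparison, not something the post proposes.

```python
import base64
import sqlite3

# Constructed sample data: a non-textual (integer) column.
QUANTITIES = [2, 10, 9, 100]


def b64(value):
    """Base64-encode the text form of a value, as in the quoted proposal."""
    return base64.b64encode(str(value).encode()).decode()


def encoded_store():
    """Quoted proposal: the column must become TEXT to hold Base64 data."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (qty TEXT)")
    for q in QUANTITIES:
        # String-built SQL; the encoding is the only protection applied.
        db.execute("INSERT INTO orders VALUES ('%s')" % b64(q))
    rows = db.execute("SELECT qty FROM orders ORDER BY qty")
    ordered = [base64.b64decode(r[0]).decode() for r in rows]
    # The range test compares Base64 strings, not numbers.
    over_five = db.execute(
        "SELECT COUNT(*) FROM orders WHERE qty > '%s'" % b64(5)
    ).fetchone()[0]
    return ordered, over_five


def typed_store():
    """Comparison: bound parameters keep the column numeric."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (qty INTEGER)")
    db.executemany("INSERT INTO orders VALUES (?)", [(q,) for q in QUANTITIES])
    ordered = [r[0] for r in db.execute("SELECT qty FROM orders ORDER BY qty")]
    over_five = db.execute(
        "SELECT COUNT(*) FROM orders WHERE qty > ?", (5,)
    ).fetchone()[0]
    return ordered, over_five


if __name__ == "__main__":
    print("base64 text column:", encoded_store())
    print("typed integer column:", typed_store())
```

With the encoded column, sorting and the `qty > 5` range test operate on the Base64 strings, so the database can no longer answer numeric questions about the data without decoding every row in the application.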

