WebApp Sec mailing list archives
Re: PHP for preventing SQL injections?
From: weigelt () metux de
Date: Tue, 16 Sep 2003 23:52:27 +0200
On Tue, Sep 16, 2003 at 04:48:21PM -0400, Lefevre, Steven wrote:

> Hey folks - Does anyone know of a regexp for checking SQL strings for injection attempts?

Hmm, you should only let through those characters which are allowed. i.e.

/[a-zA-Z0-9\.\_\-\/:\;\,\!\"\$\%\&\(\)\{\}\?\@\^\#\\\+\*\~\>\<\|\s\t]+/

should be enough ... perhaps I've missed some also needed chars.

cu
--
---------------------------------------------------------------------
 Enrico Weigelt    ==   metux IT services
 phone:     +49 36207 519931         www:       http://www.metux.de/
 fax:       +49 36207 519932         email:     contact () metux de
 cellphone: +49 174 7066481
---------------------------------------------------------------------
 This mail was sent via UUCP.        http://www.metux.de/uucp/
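
Added example, not part of the original message: the character class in the reply still permits spaces, letters, digits and comparison operators, so a value can pass it and still be parsed as SQL when it is concatenated into a numeric context, where the filtered lookup returns a row it should not; the bound lookup treats the same value as data. It assumes PHP with PDO and the pdo_sqlite driver; the table, rows, input and function names are constructed for illustration.

```php
<?php
// Added illustration: table, rows, input and function names are constructed.
// Requires the PDO SQLite driver (pdo_sqlite).

// Character class from the reply, anchored so the whole value must match
// (anchoring is an assumption about how the filter would be applied).
const ALLOWED = '/^[a-zA-Z0-9\.\_\-\/:\;\,\!\"\$\%\&\(\)\{\}\?\@\^\#\\\\\+\*\~\>\<\|\s\t]+$/';

function makeDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE items (id INTEGER, owner TEXT, name TEXT)');
    $db->exec("INSERT INTO items VALUES (1, 'alice', 'alice-note'),
                                        (2, 'bob',   'bob-note')");
    return $db;
}

// Filter-then-concatenate: the value passes the allow-list but is still
// parsed as SQL, so it can change the meaning of the WHERE clause.
function lookupFiltered(PDO $db, string $id): array
{
    if (!preg_match(ALLOWED, $id)) {
        return [];
    }
    $sql = "SELECT name FROM items WHERE owner = 'alice' AND id = " . $id;
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Bound parameter: the value is sent as data and never parsed as SQL.
function lookupBound(PDO $db, string $id): array
{
    $stmt = $db->prepare(
        "SELECT name FROM items WHERE owner = 'alice' AND id = :id"
    );
    $stmt->execute([':id' => $id]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = makeDb();
$input = '1 OR 1<2';   // constructed: only characters the allow-list permits

var_dump(lookupFiltered($db, $input));
var_dump(lookupBound($db, $input));
var_dump(lookupBound($db, '1'));
```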