WebApp Sec mailing list archives
Re: PHP for preventing SQL injections?
From: weigelt () metux de
Date: Tue, 16 Sep 2003 23:52:27 +0200
On Tue, Sep 16, 2003 at 04:48:21PM -0400, Lefevre, Steven wrote:
> Hey folks - Does anyone know of a regexp for checking SQL strings for injection attempts?
Hmm, you should only let through those characters which are allowed.
i.e. /[a-zA-Z0-9\.\_\-\/:\;\,\!\"\$\%\&\(\)\{\}\?\@\^\#\\\+\*\~\>\<\|\s\t]+/
should be enough ... perhaps I've missed some chars that are also needed.
cu
--
---------------------------------------------------------------------
Enrico Weigelt == metux IT services
phone: +49 36207 519931 www: http://www.metux.de/
fax: +49 36207 519932 email: contact () metux de
cellphone: +49 174 7066481
---------------------------------------------------------------------
This mail was sent via UUCP. http://www.metux.de/uucp/
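
Added example, not part of the original message or thread: PHP's preg_match() reports success as soon as any substring fits the pattern, so an allowlist check built on the character class posted above only covers the whole value when it is anchored with \A and \z. The helper name is_allowed() and the sample inputs are constructed for illustration.

```php
<?php
// Character class copied verbatim from the message.
// A nowdoc is used so PHP applies no escape processing to the backslashes.
$class = <<<'RE'
[a-zA-Z0-9\.\_\-\/:\;\,\!\"\$\%\&\(\)\{\}\?\@\^\#\\\+\*\~\>\<\|\s\t]
RE;

// As posted: matches when ANY run of allowed characters occurs in the input.
$unanchored = '/' . $class . '+/';

// Anchored: \A ... \z requires the entire value to consist of allowed characters.
$anchored = '/\A' . $class . '+\z/';

/**
 * Hypothetical helper: true when $value matches $pattern.
 * preg_match() returns 1 on match, 0 on no match, false on error;
 * the strict comparison treats an error as a rejection.
 */
function is_allowed(string $value, string $pattern): bool
{
    return preg_match($pattern, $value) === 1;
}

// Constructed sample inputs: a plain identifier, a value containing a
// single quote (not in the class), a value containing '=' (not in the
// class), and the empty string.
$samples = ['alice_01', "O'Brien", 'a=b', ''];

foreach ($samples as $s) {
    printf(
        "%-12s unanchored=%-5s anchored=%s\n",
        var_export($s, true),
        var_export(is_allowed($s, $unanchored), true),
        var_export(is_allowed($s, $anchored), true)
    );
}
```

Running it shows which inputs the two forms of the pattern treat differently; any value that mixes allowed and disallowed characters is where they diverge.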
