i have javascript code access sqlite3 database. validate text field value , prevent sql injection. there "optimum algorithm" that?
--update: i'm developing xulrunner desktop application. maybe should use database in xpcom component, compiled (written in c), user not have access it..
typically sql injection avoided using parameterized sql statements.
here's msdn article describing how this.
here article describes several ways can prevent sql injection.
Comments
Post a Comment