Search Postgresql Archives

Re: stripping HTML, SQL injections ...

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Scott-

In JavaScript
http://www.java2s.com/Tutorial/JavaScript/0520__Regular-Expressions/StripHTM
L.htm

M--
----- Original Message -----
From: "Scott Marlowe" <scott.marlowe@xxxxxxxxx>
To: "A.M." <agentm@xxxxxxxxxxxxxxxxxxxxx>
Cc: "pgsql-general" <pgsql-general@xxxxxxxxxxxxxx>
Sent: Wednesday, November 14, 2007 6:16 PM
Subject: Re:  stripping HTML, SQL injections ...


> On Nov 14, 2007 4:51 PM, A.M. <agentm@xxxxxxxxxxxxxxxxxxxxx> wrote:
> >
> >
> > On Nov 14, 2007, at 4:23 PM, Scott Marlowe wrote:
> >
> > > On Nov 14, 2007 2:40 PM, madhtr <madhtr@xxxxxxxxx> wrote:
> > >> Quick question, are there any native functions in PostGreSQL 8.1.4
> > >> that will
> > >> strip HTML tags, escape chars, etc?
> > >
> > > I can't think of a lot of native functions, but it's sure easy enough
> > > to roll your own with things like the regex functionality built in.
> >
> > Please don't do that- there are corner cases where a naive regex can
> > fail, leaving the programmer thinking he is covered when he is not.
> > The variety of web languages include filtering modules
> > (HTML::Scrubber)- in the case of Perl or PHP, it can even be run
> > server-side.
>
> And given that pl/PHP can run that inside the database, there's a
> reason you can't do it there?
>
> > Furthermore, one shouldn't use an API which allows for SQL injections.
>
> Oh heck, I hadn't even noticed he was asking about escaping things.  I
> guess it really matters what he means by escaping them.  If he's
> talking url encoding decoding, that's something you could do safely in
> the db (again, with something like pl/PHP or pl/perl) but SQL escaping
> should be done before the db ever sees the data.
>
> ---------------------------(end of broadcast)---------------------------
> TIP 6: explain analyze is your friend
>


---------------------------(end of broadcast)---------------------------
TIP 5: don't forget to increase your free space map settings

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]
  Powered by Linux