Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to avoid SQL injection in a javascript text field?

I have a javascript code that access a sqlite3 database. I would like to validate my text field value and prevent SQL injection. Is there an "optimum algorithm" for that?

--update: I'm developing a Xulrunner desktop application. Maybe I should use the database in the xpcom component, which is compiled (written in C), so the user will not have access to it..

like image 587
The Student Avatar asked Apr 29 '11 20:04

The Student


People also ask

Which methods can be used to avoid SQL injection?

The only sure way to prevent SQL Injection attacks is input validation and parametrized queries including prepared statements. The application code should never use the input directly. The developer must sanitize all input, not only web form inputs such as login forms.

How can blind SQL injection be prevented?

As with regular SQL injection, blind SQL injection attacks can be prevented through the careful use of parameterized queries, which ensure that user input cannot interfere with the structure of the intended SQL query.


2 Answers

Typically SQL injection is avoided using parameterized SQL statements.

Here's an MSDN article describing how you would do this.

Here is another article that describes several ways you can prevent sql injection.

like image 94
Cole W Avatar answered Nov 14 '22 23:11

Cole W


SQL injection prevention is done at the server side, there is nothing you can do on the client side to prevent it.

like image 32
Otávio Décio Avatar answered Nov 14 '22 23:11

Otávio Décio