Best Practices for Sanitizing SQL inputs Using JavaScript?

Posted by Greg Bulmash on Stack Overflow See other posts from Stack Overflow or by Greg Bulmash
Published on 2010-04-30T08:05:06Z Indexed on 2010/04/30 8:07 UTC
Read the original article Hit count: 478

Filed under:
|
|
|
|

So, with HTML5 giving us local SQL databases on the client side, if you want to write a select or insert, you no longer have the ability to sanitize third party input by saying $buddski = mysql_real_escape_string($tuddski) because the PHP parser and MySQL bridge are far away. It's a whole new world of SQLite where you compose your queries and parse your results with JavaScript.

But while you may not have your whole site's database go down, the user who gets his/her database corrupted or wiped due to a malicious injection attack is going to be rather upset.

So, what's the best way, in pure JavaScript, to escape/sanitize your inputs so they will not wreak havoc with your user's built-in database?

Scriptlets? specifications? Anyone?

© Stack Overflow or respective owner

Related posts about JavaScript

Related posts about sql