Best Practices for Sanitizing SQL inputs Using JavaScript?
Posted
by Greg Bulmash
on Stack Overflow
See other posts from Stack Overflow
or by Greg Bulmash
Published on 2010-04-30T08:05:06Z
Indexed on
2010/04/30
8:07 UTC
Read the original article
Hit count: 478
So, with HTML5 giving us local SQL databases on the client side, if you want to write a select or insert, you no longer have the ability to sanitize third party input by saying $buddski = mysql_real_escape_string($tuddski)
because the PHP parser and MySQL bridge are far away. It's a whole new world of SQLite where you compose your queries and parse your results with JavaScript.
But while you may not have your whole site's database go down, the user who gets his/her database corrupted or wiped due to a malicious injection attack is going to be rather upset.
So, what's the best way, in pure JavaScript, to escape/sanitize your inputs so they will not wreak havoc with your user's built-in database?
Scriptlets? specifications? Anyone?
© Stack Overflow or respective owner