apr-dev mailing list archives

From Nick Kew <n...@webthing.com>
Subject Re: Untainting DBD input?
Date Sun, 10 Jun 2007 00:33:14 GMT
On Sun, 10 Jun 2007 01:27:11 +0100
Nick Kew <nick@webthing.com> wrote:

> I've implemented this in apr_dbd_freetds by extending the
> prepared statement syntax to support parameters of the form
> %{regexp}s (or %{regexp}123s to indicate also a size limit).
> The regexp is then compiled, at config time, and applied in
> the manner of Perl taint checking to incoming data.

Of course, I meant the regexps are compiled in apr_dbd_prepare.

Doh!

-- 
Nick Kew

Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/
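
The %{regexp}s / %{regexp}123s parameter form described in the message above, as an added example that is not part of the original message and is not apr_dbd_freetds code. It uses POSIX regex.h; the names untaint_param, param_prepare and param_untaint, taking the whole match as the clean value, and rejecting over-limit input are assumptions of this example.

```c
#include <regex.h>
#include <stdlib.h>
#include <string.h>

/* One parsed "%{regexp}s" / "%{regexp}123s" parameter (hypothetical type). */
struct untaint_param {
    regex_t rx;      /* compiled once, at prepare time */
    size_t  maxlen;  /* 0: no size limit given */
};

/* Parse one parameter spec and compile its regexp; 0 on success, -1 on error.
 * Assumption: the regexp runs up to the last '}' in the spec. */
int param_prepare(const char *spec, struct untaint_param *p)
{
    const char *end;
    char *rest, pattern[256];
    size_t n;
    if (strncmp(spec, "%{", 2) != 0 || (end = strrchr(spec, '}')) == NULL)
        return -1;
    n = (size_t)(end - spec) - 2;
    if (n == 0 || n >= sizeof(pattern)
        || (end[1] != 's' && (end[1] < '0' || end[1] > '9')))
        return -1;
    memcpy(pattern, spec + 2, n);
    pattern[n] = '\0';
    p->maxlen = (size_t)strtoul(end + 1, &rest, 10);
    if (strcmp(rest, "s") != 0)
        return -1;
    return regcomp(&p->rx, pattern, REG_EXTENDED) == 0 ? 0 : -1;
}

/* Perl-style untaint: only the text the regexp matched is copied to out.
 * Returns -1 (out left empty) on no match, or when the match exceeds the size
 * limit or the buffer; rejecting rather than truncating is a choice made here. */
int param_untaint(const struct untaint_param *p, const char *in,
                  char *out, size_t outsz)
{
    regmatch_t m[1];
    size_t len;
    out[0] = '\0';
    if (regexec(&p->rx, in, 1, m, 0) != 0)
        return -1;
    len = (size_t)(m[0].rm_eo - m[0].rm_so);
    if ((p->maxlen != 0 && len > p->maxlen) || len >= outsz)
        return -1;
    memcpy(out, in + m[0].rm_so, len);
    out[len] = '\0';
    return 0;
}
```

Anchoring the pattern with ^ and $ makes the check cover the whole value; an unanchored pattern would pass only the matching fragment through.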
