commons-user mailing list archives

From "Stephen Colebourne" <scolebou...@btopenworld.com>
Subject Re: Checking if a String is both HTML and SQL safe
Date Thu, 21 Aug 2003 23:56:35 GMT
The new version of commons-lang (see CVS at present) will have a class,
StringEscapeUtils, to escape strings including SQL and HTML. This may be of
some use.

Stephen

----- Original Message -----
From: "Marcelo Bello" <ra992119@ic.unicamp.br>
To: <commons-user@jakarta.apache.org>
Sent: Friday, August 22, 2003 12:44 AM
Subject: Checking if a String is both HTML and SQL safe


> I am developing a web application that MUST be safe.
>
> I am searching for a Java lib that can check a string to be both:
>
> - HTML safe (replacing '<' with '&gt' etc... );
> - SQL safe;
>
> SQL safeness is critical, because string typed by the user will be used to
> generate a SQL statement. I can't allow users to input a "malicious"
> string that would end up allowing them to execute arbitrary SQL
> statements.
>
> Anyone know where I could find a Java lib for that?
>
> If not, then consider this email as a suggestion.
>
> Best Regards,
>
> Marcelo Bello
>


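As an added illustration (not code from this thread or from commons-lang), the two requirements in the question look like this in practice, shown with Python's standard library: entity-escape user text at the point it is written into HTML, and pass user text to SQL as a bound parameter rather than trusting an escape function. The sample inputs are constructed; `sql_escape_quotes` mirrors what a typical "SQL escape" helper does so its limits can be seen next to parameter binding.

```python
import html
import sqlite3

# Constructed sample user inputs (not taken from the mailing-list thread).
SAMPLE_INPUTS = [
    "O'Brien",
    '<b>"bold"</b> & more',
]


def html_safe(user_text: str) -> str:
    """Escape for insertion into HTML text: <, >, &, " and ' become entities.

    This is the 'HTML safe' requirement from the question ('<' -> '&lt;').
    Apply it at output time, when the value is placed into a page.
    """
    return html.escape(user_text, quote=True)


def sql_escape_quotes(user_text: str) -> str:
    """What a 'SQL escape' helper typically does: double single quotes.

    Only meaningful when the result lands inside a '...' string literal;
    it gives no protection in numeric, identifier or LIKE-pattern positions,
    which is why parameter binding (below) is the preferred answer.
    """
    return user_text.replace("'", "''")


def store_and_lookup(conn: sqlite3.Connection, name: str) -> list:
    """Insert and look up NAME using bound parameters instead of escaping.

    The '?' placeholders keep the value out of the SQL text entirely, so
    any quotes in the input are data, never SQL syntax.
    """
    conn.execute("INSERT INTO users(name) VALUES (?)", (name,))
    rows = conn.execute("SELECT name FROM users WHERE name = ?", (name,)).fetchall()
    return [r[0] for r in rows]


def demo() -> dict:
    """Run both treatments over the sample inputs; returns input -> (html, rows)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users(name TEXT)")
    return {text: (html_safe(text), store_and_lookup(conn, text)) for text in SAMPLE_INPUTS}
```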