Subject | Sanitizing form input for Firebird |
---|---|
Author | myles@techsol.org |
Post date | 2006-10-16T21:03:50Z |
I've been using a function that I wrote a while back to sanitize input from
a web form to be passed into Firebird SQL Stored Procedures via PHP.
Basically I look to fix issues with quotations, semi-colons, etc. so that
the data can be stored in Firebird. I think I based this off some open
source code that was on the Internet for MySQL.
The problem I seem to be facing is that there are other characters that are
getting through from some users that are causing problems in the input
handling of arguments in my stored procedures. I'm getting errors such as:

    arithmetic exception, numeric overflow, or string truncation
    Cannot transliterate character between character sets

The strange thing is that if I copy & paste the SQL that is showing on a web
page where the error occurs and put it directly into IBExpert, it processes
fine.
Anyway, does anyone have any existing SQL sanitize functions that they could
share so that I can see if I'm taking care of all character translations
correctly for this?
Thanks
Myles
============================
Myles Wakeham
Director of Engineering
Tech Solutions US, Inc.
Scottsdale, Arizona USA
Phone (480) 451-7440
www.techsol.org
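
Added example, not part of the original post and not the poster's code: one way to handle form values bound for a Firebird stored procedure in PHP is to check them against the procedure's declared parameters and then bind them as parameters, so quotes and semicolons never become SQL text. The procedure name ADD_COMMENT, its parameter sizes, the UTF8 connection character set and a PDO connection opened with the Firebird driver are assumptions; the mbstring extension is required.

```php
<?php
// Added example. ADD_COMMENT, its parameter sizes and the UTF8 connection
// character set are assumptions, not taken from the original post.

// Declared input parameters of the hypothetical procedure: name => max characters.
const ADD_COMMENT_PARAMS = ['AUTHOR' => 40, 'BODY' => 200];

/**
 * Check form values against the procedure's declared parameters.
 * Returns a list of problems; an empty list means the values can be bound.
 */
function check_args(array $spec, array $input): array
{
    $problems = [];
    foreach ($spec as $name => $maxChars) {
        $value = $input[$name] ?? null;
        if (!is_string($value)) {
            $problems[] = "$name: missing or not a string";
        } elseif (!mb_check_encoding($value, 'UTF-8')) {
            // Bytes that are not valid in the connection character set can be
            // rejected by the server with a transliteration error.
            $problems[] = "$name: not valid UTF-8";
        } elseif (mb_strlen($value, 'UTF-8') > $maxChars) {
            // Longer than the declared VARCHAR: "string truncation" on the server.
            $problems[] = "$name: longer than $maxChars characters";
        }
    }
    return $problems;
}

/** Run the procedure with bound parameters; values never become SQL text. */
function add_comment(PDO $db, array $input): void
{
    $stmt = $db->prepare('EXECUTE PROCEDURE ADD_COMMENT(?, ?)');
    $stmt->execute([$input['AUTHOR'], $input['BODY']]);
}

// Constructed form submissions.
$samples = [
    ['AUTHOR' => "O'Brien; --", 'BODY' => 'Quotes and semicolons are just data.'],
    ['AUTHOR' => 'Ann', 'BODY' => "Pasted \x93smart quotes\x94 in Windows-1252"],
    ['AUTHOR' => 'Bob', 'BODY' => str_repeat('x', 201)],
];
foreach ($samples as $i => $input) {
    $problems = check_args(ADD_COMMENT_PARAMS, $input);
    echo "sample $i: ", $problems ? implode('; ', $problems) : 'ok to bind', "\n";
}
```

Only the demo loop runs without a database; `add_comment()` is called with an open PDO connection once `check_args()` returns an empty list.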