Subject | using procedures for inserts |
---|---|
Author | Tom Wright |
Post date | 2011-07-07T18:46:12Z |
Hi,
I'm pretty new to Firebird but have decided it's time to learn something
a bit more advanced than very basic MySQL (i.e. learnt before MySQL
supported triggers and procedures).
It seems sensible to me to use procedures to validate my data before
inserting it into the tables. I have two main questions.
1) If a user has permissions on a procedure that inserts data into a
table, will I need to also provide them with write permissions on the
underlying table?
2) Are there any functions out there similar to the PHP
mysql_real_escape_string() that I can use to sanitize the strings before
inserting them into a database (I realise this approach won't stop SQL
injection attacks breaking the procedure but I believe in layered
protection)?
Thanks
Tom
[Non-text portions of this message have been removed]