How to avoid SQL injection in javascript textbox?

Question

How to avoid SQL injection in javascript textbox?

I have javascript code accessing sqlite3 database. I would like to check the value of the text field and prevent SQL injection. Is there an “optimal algorithm” for this?

- update: I am developing a Xulrunner desktop application. Perhaps I should use the database in the xpcom component that is compiled (written in C), so the user will not have access to it.

+5

javascript sql sql-injection

Tom brito Apr 29 '11 at 20:08

source share

3 answers

SQL- , , .

+5

Otávio Décio 29 . '11 20:10

, , , - JavaScript , .., , , . , , , , , , .

0

G Gordon Worley III 29 . '11 20:16

Cole W · Accepted Answer · 2011-04-29T20:12:45+0000

Normally, SQL injection is eliminated using parameterized SQL statements.

Here's an MSDN article describing how you do this.

SQL.

How to avoid SQL injection in javascript textbox?

More articles: