| From: | "A(dot)M(dot)" <agentm(at)themactionfaction(dot)com> |
|---|---|
| To: | pgsql-general <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: stripping HTML, SQL injections ... |
| Date: | 2007-11-14 22:51:17 |
| Message-ID: | A8645D1F-B662-436F-AD65-AE84865AA82E@themactionfaction.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Nov 14, 2007, at 4:23 PM, Scott Marlowe wrote:
> On Nov 14, 2007 2:40 PM, madhtr <madhtr(at)schif(dot)org> wrote:
>> Quick question, are there any native functions in PostGreSQL 8.1.4
>> that will
>> strip HTML tags, escape chars, etc?
>
> I can't think of a lot of native functions, but it's sure easy enough
> to roll your own with things like the regex functionality built in.
Please don't do that- there are corner cases where a naive regex can
fail, leaving the programmer thinking he is covered when he is not.
The variety of web languages include filtering modules
(HTML::Scrubber)- in the case of Perl or PHP, it can even be run
server-side.
Furthermore, one shouldn't use an API which allows for SQL injections.
Cheers,
M
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Scott Marlowe | 2007-11-14 23:16:22 | Re: stripping HTML, SQL injections ... |
| Previous Message | dycharles | 2007-11-14 22:05:32 | Qeury a boolean column?(using postgresql & EJB) |