kate, posted August 20, 2016 (edited)

Hi

Is there any command in UBot Studio 5 to sanitize a SQL query? I can't find it in the current UBot (5.9.33). I think it's a crucial feature that is missing from the database commands (if it's true there's no feature like this). A simple regex to replace "'" is not adequate. Here is why: http://stackoverflow.com/questions/8506574/sql-injection-isnt-replace-good-enough

Workarounds I can think of:
1. Develop a plugin to do this (an "escape sql" command, or better, parameter binding).
2. Using Python to sanitize
3. Using PHP to sanitize
4. Using an online database

All databases that UBot Studio 5 supports need this feature.
1. SQLite currently has a problem
2. There is an open issue about this

Edited August 21, 2016 by kate
HattoriHanzo, posted August 21, 2016

Using Python you can do parameter substitution for SQL; this will take care of all sanitizing. As an added advantage you will also be able to set things like connection timeouts etc.
kate (author), posted August 21, 2016

> Using Python you can do parameter substitution for SQL; this will take care of all sanitizing. As an added advantage you will also be able to set things like connection timeouts etc.

Yes, we can use an ORM too.
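As an added example (not code from this thread, from UBot Studio, or from either poster), here is what HattoriHanzo's suggestion looks like with Python's standard sqlite3 module. It builds a constructed in-memory users table, then runs the same lookup two ways: with the quote-replacing approach the first post links to as inadequate, and with bound parameters. The numeric-context case shows why replacing the quote is not enough: when the value lands next to an integer column, no quote character is needed to change the statement, so escaping quotes does nothing, while a bound value is compared as data and never parsed as SQL.

```python
import sqlite3

# Constructed sample data for this example; not from the thread.
SAMPLE_USERS = [("alice", "alice-secret"), ("bob", "bob-secret")]


def make_db():
    """Build an in-memory SQLite database with a small users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, secret TEXT)"
    )
    # executemany with ? placeholders is itself parameter binding
    conn.executemany("INSERT INTO users (name, secret) VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def naive_escape(value):
    """The 'just replace the single quote' approach the thread calls inadequate."""
    return str(value).replace("'", "''")


def names_by_id_naive(conn, user_id):
    """Vulnerable: the value is pasted into a numeric context, where no quote
    character is needed to alter the statement, so quote-escaping is a no-op."""
    sql = "SELECT name FROM users WHERE id = " + naive_escape(user_id)
    return [row[0] for row in conn.execute(sql)]


def names_by_id_bound(conn, user_id):
    """Safe: sqlite3 passes the value separately from the SQL text, so it is
    compared as a value against the id column and never parsed as SQL."""
    rows = conn.execute("SELECT name FROM users WHERE id = ?", (user_id,))
    return [row[0] for row in rows]


def names_by_name_bound(conn, name):
    """Same idea in a string context: a quote inside the value stays a quote."""
    rows = conn.execute("SELECT name FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = make_db()
    hostile = "1 OR 1=1"  # constructed input containing no quote character
    print(names_by_id_naive(db, hostile))          # ['alice', 'bob']: escaping missed it
    print(names_by_id_bound(db, hostile))          # []: bound text never equals an integer id
    print(names_by_id_bound(db, 1))                # ['alice']
    print(names_by_name_bound(db, "x' OR '1'='1"))  # []: the quote is just data
```

With a bound parameter the driver applies SQLite's column affinity to the value: a plain "1" would still match id 1, but a string that is not a well-formed number stays text and can never equal an integer id, which is why the bound lookup returns nothing rather than every row. The same placeholder mechanism is what an ORM uses underneath, so kate's ORM remark and HattoriHanzo's suggestion are the same defence at different layers.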