General question regarding DBMS

 
Ranch Hand
Posts: 44
Eclipse IDE Chrome Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hello everyone,

While reading through the security guidelines provided by OWASP regarding SQL Injection Prevention, I came across "Escaping all User Supplied Input" (link). I don't have much knowledge of general DBMS concepts, so I couldn't understand its meaning. What does "escaping user input" actually mean in a programming language or in a DBMS? A plain Google search gave results on how to do the "escaping" but not a definition of what it actually is.

So, please provide me with the definition or any external link for this.
 
Sheriff
Posts: 3837
66
Netbeans IDE Oracle Firefox Browser
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I'd suggest trying Wikipedia first. It should be enough to introduce you to the problem.

I'd only like to emphasize that you should always use bind variables to prevent SQL injection; that makes you 100% protected from this type of attack. It is not very clear from that article. Don't concentrate on escaping very much; you really shouldn't ever need it. Only if you cannot use binds for some really serious and unavoidable reason (and I doubt it is ever the case) would you need to do the escaping. It is actually very hard to get it 100% bulletproof.
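As an added illustration (not part of the original thread), the following Python uses the built-in sqlite3 module and a constructed in-memory table to show what "escaping" means and why bind variables make it unnecessary; a name containing an apostrophe, such as O'Brien, is enough to break a concatenated query. The JDBC equivalent of the bind-variable version is PreparedStatement with setString.

```python
import sqlite3

def make_db():
    # Constructed sample data, in memory only (not from the original post).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?)", [("alice",), ("O'Brien",)])
    return conn

def escape_sql_literal(value: str) -> str:
    # "Escaping" means rewriting characters the SQL parser treats as syntax so
    # they are read as data. Inside a single-quoted SQL string literal, a quote
    # is written as two quotes. This rule covers ONLY that one context; numeric
    # literals, identifiers and LIKE patterns each need different handling,
    # which is why hand-rolled escaping is so hard to get completely right.
    return value.replace("'", "''")

def find_concatenated(conn, name):
    # Unsafe: the user's text becomes part of the SQL statement itself, so the
    # parser sees the apostrophe as the end of the string literal.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]

def find_escaped(conn, name):
    # Still string building, but the literal is escaped before insertion.
    sql = "SELECT name FROM users WHERE name = '" + escape_sql_literal(name) + "'"
    return [row[0] for row in conn.execute(sql)]

def find_bound(conn, name):
    # Bind variable: the statement text is fixed and the value travels
    # separately, so it can never be parsed as SQL and needs no escaping.
    sql = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]

def demo(name="O'Brien"):
    # Runs all three lookups; the concatenated one fails with a parse error.
    conn = make_db()
    results = {}
    try:
        results["concat"] = find_concatenated(conn, name)
    except sqlite3.Error as exc:
        results["concat"] = "error: " + str(exc)
    results["escaped"] = find_escaped(conn, name)
    results["bound"] = find_bound(conn, name)
    return results

if __name__ == "__main__":
    for method, outcome in demo().items():
        print(method, "->", outcome)
```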