query checking - Mailing list pgsql-php

From s
Subject query checking
Date
Msg-id 3A6B8264.5040902@bundabergcity.qld.gov.au
List pgsql-php
I am writing a site that does select/insert SQL commands with users' input.

There is a potential hazard if someone tries to execute their
own commands in an input box,
e.g. the user types into the input box on a form - [ "; delete *
from table; ]

I'm after a regular expression (that'd be nice) or an algorithm to
tell that only one query is being passed to psql at a time.

The query string will be processed if
Either - one SELECT command only
           - one INSERT command only
           - one UPDATE command only
ELSE - don't process query

Any input would be much appreciated.
thanks,
stef
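
The check described in the message above (one SELECT, INSERT or UPDATE and nothing else), as an added example that is not part of the original message or of any project's code: a fail-closed scanner in PHP that tracks quoting instead of relying on a single regular expression. The function name `is_single_statement`, the `staff` table and the sample queries are constructed for illustration; the scanner assumes plain quoted literals and refuses backslashes inside literals, dollar quoting and comments rather than trying to interpret them.

```php
<?php
// Added example (not from the original message): fail-closed check that a
// query string holds exactly one SELECT, INSERT or UPDATE statement.
function is_single_statement(string $sql): bool
{
    if (!preg_match('/^\s*(select|insert|update)\b/i', $sql)) {
        return false;              // only the three allowed commands
    }
    $quote = null;                 // "'" or '"' while inside a quoted run
    $len = strlen($sql);
    for ($i = 0; $i < $len; $i++) {
        $c = $sql[$i];
        $next = $i + 1 < $len ? $sql[$i + 1] : '';
        if ($quote !== null) {
            if ($c === '\\' && $quote === "'") {
                return false;      // backslash handling depends on server settings
            }
            if ($c === $quote) {
                if ($next === $quote) {
                    $i++;          // doubled quote = escaped quote, stay inside
                } else {
                    $quote = null; // closing quote
                }
            }
            continue;
        }
        if ($c === "'" || $c === '"') {
            $quote = $c;
        } elseif ($c === '$' || $c . $next === '--' || $c . $next === '/*') {
            return false;          // dollar quoting and comments are refused
        } elseif ($c === ';') {
            // A terminator is fine only if nothing but whitespace follows.
            return trim(substr($sql, $i + 1)) === '';
        }
    }
    return $quote === null;        // unterminated literal: reject
}

// Constructed sample queries; the second is what string concatenation
// produces when a form value carries its own quote and a second command.
$samples = [
    "SELECT name FROM staff WHERE note = 'a; b'",
    "SELECT name FROM staff WHERE name = ''; delete from staff; --'",
    "UPDATE staff SET name = 'O''Brien' WHERE id = 7;",
    "DELETE FROM staff",
];
foreach ($samples as $s) {
    printf("%-6s %s\n", is_single_statement($s) ? 'ok' : 'REJECT', $s);
}
```

This enforces only the one-statement rule; a value that rewrites the WHERE clause of a single statement still passes. Passing user values through `pg_query_params()` keeps them out of the statement text altogether, and PostgreSQL accepts at most one command in a parameterized call.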

