Does anyone have any suggestions on how to sanitize user-submitted variables on the server side, so that I'm protected from SQL injection?
For example, I want to do this but it's clearly not safe:
Code:
var sql = "select * from users where userName='" + nick + "' and password='" + pass + "'";
Normally I'd use an escaping function (in .NET, ColdFusion, PHP, etc.) or some regular expressions, but I don't think either of those is available in SFS ActionScript (or are they?).
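
An added example, not part of the original post: a hardened form of the query above, written with plain String methods only (no regex, no built-in escaping function), as the question requires. The function names are hypothetical, and doubling backslashes assumes a database that treats backslash as an escape character inside string literals (MySQL's default); where the database API offers parameterized queries, those are preferable to any string building.

```javascript
// Added example. All names here are hypothetical, not SFS API calls.
var NICK_CHARS = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_-";

// Allow-list check: every character of the nickname must appear in
// NICK_CHARS. Anything else (quotes, spaces, backslashes) is rejected.
function isValidNick(nick) {
  if (typeof nick !== "string" || nick.length < 1 || nick.length > 32) {
    return false;
  }
  for (var i = 0; i < nick.length; i++) {
    if (NICK_CHARS.indexOf(nick.charAt(i)) === -1) {
      return false;
    }
  }
  return true;
}

// Turn a value into a SQL string literal without regex.
// Backslashes are doubled first (assumption: backslash is an escape
// character in this database), then single quotes are doubled, which is
// the standard SQL way to put a quote inside a literal.
function sqlLiteral(value) {
  var s = String(value);
  s = s.split("\\").join("\\\\");
  s = s.split("'").join("''");
  return "'" + s + "'";
}

// Build the login query. Returns null when the nickname fails validation,
// so the caller can refuse the login without touching the database.
function buildLoginQuery(nick, pass) {
  if (!isValidNick(nick)) {
    return null;
  }
  return "select * from users where userName=" + sqlLiteral(nick) +
         " and password=" + sqlLiteral(pass);
}

// Constructed sample input: a password containing a quote stays inside
// its literal instead of ending it early.
var sample = buildLoginQuery("bob", "O'Brien");
```

The password is escaped rather than allow-listed so that users are not restricted in the characters they may choose.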