/[a-zA-Z0-9]{0,7}/ to filter against almost ALL SQL injection here? In this case username or passwords can only be all letters and figures, with no more than 7 characters.
No offence here, but I really want to know how a person can place a SQL here with such a regexp limitation? Is it an almost perfect way to protect against SQL injection?
Can you please give me some suggestions about that? Thank you.
Link to this comment: http://www.securityfocus.com/comments/infocus/1768/1310#1310
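An added example (not part of the original comment), in Python with constructed sample inputs: it checks the pattern as written, without anchors, against anchored forms, and pairs the allow-list with a parameterized query. The function names, the `{1,7}` minimum length and the `users` table are assumptions made for the illustration.

```python
import re
import sqlite3

UNANCHORED = re.compile(r"[a-zA-Z0-9]{0,7}")    # pattern exactly as written in the comment
DOLLAR = re.compile(r"^[a-zA-Z0-9]{0,7}$")      # anchored, but $ also matches before a final \n
STRICT = re.compile(r"[a-zA-Z0-9]{1,7}")        # used with fullmatch(); {1,7} is an assumption

def passes_unanchored(value):
    # search() succeeds if the pattern matches anywhere; {0,7} also matches
    # the empty string, so this check accepts every possible input.
    return UNANCHORED.search(value) is not None

def passes_dollar(value):
    # Rejects quotes and over-long input, but still accepts "abc\n".
    return DOLLAR.search(value) is not None

def passes_strict(value):
    # fullmatch() requires the whole string to be 1-7 letters or digits.
    return STRICT.fullmatch(value) is not None

def make_db():
    # Constructed in-memory table, for illustration only.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    db.execute("INSERT INTO users (name) VALUES ('alice')")
    return db

def find_user(db, name):
    # Allow-list first, then a bound parameter: the query stays safe even if
    # the pattern is later relaxed (for example to allow O'Brien).
    if not passes_strict(name):
        return None
    row = db.execute("SELECT id FROM users WHERE name = ?", (name,)).fetchone()
    return row[0] if row else None

# Constructed sample inputs.
SAMPLES = ["alice", "", "abc\n", "x' OR '1'='1", "abcdefgh"]

if __name__ == "__main__":
    db = make_db()
    for s in SAMPLES:
        print(repr(s), passes_unanchored(s), passes_dollar(s),
              passes_strict(s), find_user(db, s))
```
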