
Bind Select Statements to prevent injection

Started by cj, December 19, 2018, 09:17:03 pm


cj

December 19, 2018, 09:17:03 pm Last Edit: December 19, 2018, 09:26:53 pm by cj
Not sure how I missed slSelBind.
slSelBind was added a long time ago and can prevent SQLite injection.
https://sqlitening.planetsquires.com/index.php?topic=3378.0;wap2

Quote:
"Added the slSelBind function in order to avoid SQL injection and to improve Unicode processing."

Example extracting encrypted text (3 ways):

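' sKey is a string holding the key to look up; it must be assigned before this runs
slExe "create table if not exists t1(MyKey UNIQUE,MyData)"
slSetProcessMods "K" + SPACE$(32)   ' set the encryption key (32 spaces here)
' The key value is bound to the ? placeholder as text ("T"), not pasted into the SQL
slSelBind "select MyData from t1 where MyKey = ?", slBuildBindDat(sKey,"T")
DO WHILE slGetRow
  ' Three ways to get the decrypted ("D") MyData column
  ? slConvertDat(slF(1),"D")
  ? slFX(1,"D")
  ? slFNX("MyData","D")
LOOP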
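
What binding the key changes compared with concatenating it, as an added example that is not part of cj's post or of SQLitening: it uses Python's built-in sqlite3 module in place of slSelBind and keeps the thread's t1(MyKey, MyData) table. The rows, function names and sample keys are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory database with the thread's table; the rows are constructed."""
    con = sqlite3.connect(":memory:")
    con.execute("create table if not exists t1(MyKey UNIQUE, MyData)")
    con.executemany(
        "insert into t1 values (?, ?)",
        [("alice", "alice-data"), ("bob", "bob-data"), ("o'brien", "obrien-data")],
    )
    return con

def select_concat(con, key):
    """Unsafe: the key becomes part of the SQL text, so a quote in it is SQL syntax."""
    sql = "select MyData from t1 where MyKey = '" + key + "'"
    return [row[0] for row in con.execute(sql)]

def select_bound(con, key):
    """Safe: the statement text is fixed and the key is bound to the ? placeholder."""
    sql = "select MyData from t1 where MyKey = ?"
    return [row[0] for row in con.execute(sql, (key,))]

def attempt(fn, con, key):
    """Run one lookup and report a SQLite error as text instead of raising."""
    try:
        return sorted(fn(con, key))
    except sqlite3.Error as exc:
        return "error: " + str(exc)

if __name__ == "__main__":
    con = make_db()
    # Constructed inputs: a normal key, a key with an apostrophe, a hostile key.
    for key in ("alice", "o'brien", "' OR '1'='1"):
        print(repr(key))
        print("  concatenated:", attempt(select_concat, con, key))
        print("  bound:       ", attempt(select_bound, con, key))
```

The concatenated query returns every row for the hostile key and fails outright on the legitimate key containing an apostrophe; the bound query treats both as plain values.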