I'm using the regex (https?:\/\/.*\.(?:png|jpg|jpeg|gif)) to validate image URLs and it's working, but some unwanted user could still put code like this in the image URL:
http://avatar/image'OR''='/someimage.jpg and I wonder if there is another regex that can detect special characters like ' and ;
    -1
            
            
         
    
    
        PeeHaa
        
 
    
    
        user2836335
        
Give up the idea of guarding against SQLi by using blacklists. Make your DB access secure instead, by parameterizing your queries and doing whatever your platform allows you to do in this direction. – Cristian Lupascu Oct 10 '13 at 09:03
1 Answer
0
            
            
Don't ever rely on regex for protecting your database against SQL injection. Use parameterized queries instead for user input inside SQL statements.
 
    
    
        Vince
        
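Added example, not part of the original question or answer: it stores the URL from the question once with string concatenation and once with a parameterized query, to show that the quote characters only matter when the value is pasted into the SQL text. Python's sqlite3 is an assumed platform (the question names none), and the users table and helper names are hypothetical.

```python
import re
import sqlite3

# Regex from the question, unchanged.
IMAGE_URL_RE = re.compile(r"(https?:\/\/.*\.(?:png|jpg|jpeg|gif))")

# URL from the question: it passes the regex yet contains quote characters.
QUOTED_URL = "http://avatar/image'OR''='/someimage.jpg"


def make_db():
    """In-memory database with a hypothetical users table (constructed data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, avatar_url TEXT)")
    db.execute("INSERT INTO users (id, avatar_url) VALUES (1, 'http://avatar/a.png')")
    return db


def looks_like_image_url(url):
    """Format check only; it says nothing about SQL safety."""
    return IMAGE_URL_RE.fullmatch(url) is not None


def set_avatar_concat(db, user_id, url):
    """Unsafe form: the URL becomes part of the SQL text, so its quotes are parsed."""
    db.execute("UPDATE users SET avatar_url = '" + url + "' WHERE id = " + str(int(user_id)))


def set_avatar_param(db, user_id, url):
    """Parameterized form: the URL is bound as a value and never parsed as SQL."""
    db.execute("UPDATE users SET avatar_url = ? WHERE id = ?", (url, user_id))


def get_avatar(db, user_id):
    """Read the stored value back (also parameterized)."""
    row = db.execute("SELECT avatar_url FROM users WHERE id = ?", (user_id,)).fetchone()
    return row[0]


if __name__ == "__main__":
    print("passes regex:", looks_like_image_url(QUOTED_URL))
    for setter in (set_avatar_concat, set_avatar_param):
        db = make_db()  # fresh database for each variant
        setter(db, 1, QUOTED_URL)
        print(setter.__name__, "stored:", repr(get_avatar(db, 1)))
```

With concatenation the statement still executes, but the stored value is the result of an SQL expression rather than the URL; with bound parameters the URL is stored byte for byte, quotes included.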