Given an enum parameter list as a PHP string, e.g. $list = "'A', 'B'", how to verify this is

1) valid and

2) safe?

What kind of characters are allowed in an enum? Can I verify this with a regex?

MATH000
  • What do you mean by an "enum parameter list"? – Sverri M. Olsen Apr 22 '16 at 19:08
  • @Sverri M. Olsen I mean the list you need to provide when you create a table that has an enum – MATH000 Apr 22 '16 at 19:09
  • that's not an "enum parameter list". it's a string. php has no enums. and exactly what do you mean, "safe"? A string is a string. it's harmless. – Marc B Apr 22 '16 at 19:10
  • @Marc B: I am trying to verify no SQL injection will happen when the table with that enum string is created – MATH000 Apr 22 '16 at 19:12
  • @MarcB: You haven't seen the kind of damage that I can do with a string. – spencer7593 Apr 22 '16 at 19:12
  • well, yeah. it depends on what you DO with that string. but by itself, a string can't do anything. it's just some stuff in memory. – Marc B Apr 22 '16 at 19:13
  • @Marc B: As I said I am creating a table that has an enum and the possible enum options will be in that string – MATH000 Apr 22 '16 at 19:14
  • @MarcB: but Chuck Norris could make a string do something. – spencer7593 Apr 22 '16 at 19:14
  • mysql enums can contain anything you want. they're just strings. they could be raw binary garbage for all mysql cares. if you try to put something into an enum that isn't in the field's enum definition, it just won't go in. – Marc B Apr 22 '16 at 19:15
  • @Marc B Then in that case how to prevent SQL Injection? – MATH000 Apr 22 '16 at 19:16
  • @MATH000 Use prepared statements or (less desirable) escape the data, just like for any other data type. – Barmar Apr 22 '16 at 19:18
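
One way to check such a list with a regex before it reaches a CREATE TABLE statement, as an added example that is not code from this thread: parse the string, validate each member against a strict allowlist, and rebuild the list from the validated values only. The function name, the allowlist, the 64-character limit and the table and column names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper, not from the thread: parse a list such as "'A', 'B'",
// validate every member, and return a list rebuilt from the validated values.
function buildEnumList(string $list): string
{
    // Assumption: members are 1-64 characters of letters, digits, _ and -.
    // MySQL itself accepts far more; this allowlist excludes quotes and
    // backslashes, so no member can end its own string literal.
    $member = "'([A-Za-z0-9_-]{1,64})'";

    // The whole input must be: member (, member)* with nothing else around it.
    $whole = '/\A\s*' . $member . '(?:\s*,\s*' . $member . ')*\s*\z/';
    if (preg_match($whole, $list) !== 1) {
        throw new InvalidArgumentException('malformed list or disallowed character');
    }

    preg_match_all('/' . $member . '/', $list, $matches);
    $values = $matches[1];

    // MySQL warns (or errors in strict mode) on duplicate ENUM members.
    // Assumption: the column uses a case-insensitive collation.
    if (count(array_unique(array_map('strtolower', $values))) !== count($values)) {
        throw new InvalidArgumentException('duplicate member');
    }

    // Emit only what was validated; the caller's original string is never reused.
    return implode(', ', array_map(fn(string $v): string => "'" . $v . "'", $values));
}

// Constructed sample inputs; only the first should be accepted.
$samples = ["'A', 'B'", "'A', 'a'", "'A', 'B'); --", "'A', 'B\\'", "A, B", ""];

foreach ($samples as $s) {
    try {
        // Table and column names here are placeholders.
        $sql = sprintf('CREATE TABLE t (status ENUM(%s) NOT NULL)', buildEnumList($s));
        echo "accepted: {$sql}\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ' . var_export($s, true) . ' (' . $e->getMessage() . ")\n";
    }
}
```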

0 Answers