tags:

views:

27

answers:

1
Q: 

SQLITE and iPhone Input Sanitisation

Hi there,

We are making our very first iPhone game, and if the user gets a high score then we need to let them enter their name to store it in the high-scores database inside the app.

What I was wondering is how do we go about sanitising the input on the iPhone. Obviously we don't want them dropping tables when inputting their name!

Can anybody please offer any advice or a push in the right direction?

Thanks, Dwaine

+1  A: 

At the very least, you should be using parameterized queries.

For example:

sqlite3_reset(insertStatement);

sqlite3_bind_text(insertStatement, 1, [userInput UTF8String], -1, SQLITE_TRANSIENT);

if(SQLITE_DONE != sqlite3_step(insertStatement))
{
    //handle error

//etc...

You could also use Core Data and rely on it to handle the implementation details. That'd be my recommendation.

Don  2010-06-29 04:38:48
Hi Don,This is what I am doing. I'm just worried about people trying to drop my tables or delete the database when entering their name.Or does this get around that?
Dwaine Bailey  2010-06-29 04:47:50
Yes, SQL injection attacks assume you are building the query string in memory. Parameterized queries using, say, string data will only allow string data and will treat the input as a string. That is, if they try to get you to execute `SELECT * FROM users WHERE name = 'a';DROP TABLE users;` it will be sent to the database as `SELECT * FROM users WHERE name = "'a';DROP TABLE users;"`.
Don  2010-06-29 05:19:07

related questions

How do we get arround Apple's decission to skip sms templates for iPhone?
iPhone App Crashing - Error Question
Can I write native iPhone apps using Python
Does the Iphone 1/2 have a compass inside?
How do you beta test an iphone app?
Is it just the iPhone simulator that is restricted to intel only Mac's?
iPhone App Minus App Store?
Deleting messages from Exchange IMAP mailbox on iPhone
Is there a multiplatform framework for developing iPhone / Android applications?
How can I launch the Google Maps iPhone application from within my own native application?
Tips for a successful AppStore submission?
iPhone app that access the Core Location framework over web
Virtual Mac?
What's a good machine for iPhone development?
How can I develop for iPhone using a Windows development machine?
Recommended iPhone Development Resources
Best Wiki for Mobile Users
How to programmatically send SMS on the iPhone?
iPhone - Exchange Calendars in Public Folders
iPhone web applications, templates, frameworks?
Understanding reference counting with Cocoa / Objective C
How-to articles for iPhone development, Objective-C
What are the correct pixel dimensions for an apple-touch-icon?
How do I give my web sites an icon for iPhone?
iPhone app in landscape mode