tags:

views:

82

answers:

5

Is there any PL/SQL package which is already written to handle all the scenarios which prevent SQL injection? Please let me know if anyone is aware of such a package.

Thanks for your help

+4  A: 

Prepared Statements

Kevin Crowell
Thanks for the reply. I am looking for a package that validates user inputs, like checks for only alphanumeric and special symbols etc. etc. It would be a great help if a package exists to check all scenarios.
Hibernate might have something to do that. I am not sure. http://www.hibernate.org/
Kevin Crowell
+4  A: 

Just use prepared statements in PL/SQL. That will protect against SQL injection.

Igor Zelaya
A: 

Thanks for the reply. I am looking for a package that validates user inputs, like checks for only alphanumeric and special symbols etc. etc. It would be a great help if a package exists to check all scenarios.

A: 

It sounds more like you want an ORM for applications that use the database more than a PostgreSQL package. Or at least encapsulate your code in a function to provide parameterization.

Think about it this way. SQL injection works by turning invalid input into malicious (but valid) SQL. How would the database be able to determine anything else as far as whether or not it's valid SQL? And if it could tell otherwise in all cases, why wouldn't it just do that by default instead of requiring you to use a certain package?

Jason Baker
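The advice in the two "prepared statements" answers above, and the point in this answer that the database cannot tell injected SQL from legitimate SQL once it has been concatenated into the statement text, can both be seen in a short PL/SQL example. The code below is an added illustration, not code from the original thread or from any of its posters; it assumes a table EMP with an ENAME column exists in the current schema, and the procedure names and the sample payload are made up for the demonstration. DBMS_ASSERT is Oracle's own package for validating identifiers and is mentioned here because bind variables cannot be used for table or column names.

```sql
-- Added example, not from the original thread. Assumes a table EMP(ENAME VARCHAR2, ...)
-- exists in the current schema; function names and payload are constructed for illustration.

-- VULNERABLE: the caller's input is pasted into the statement text. An input such as
--   nobody' OR '1'='1
-- yields  SELECT COUNT(*) FROM emp WHERE ename = 'nobody' OR '1'='1'
-- which is perfectly valid SQL, so the database has no way to reject it.
CREATE OR REPLACE FUNCTION count_by_name_unsafe (p_name IN VARCHAR2) RETURN NUMBER IS
  l_sql   VARCHAR2(4000);
  l_count NUMBER;
BEGIN
  l_sql := 'SELECT COUNT(*) FROM emp WHERE ename = ''' || p_name || '''';
  EXECUTE IMMEDIATE l_sql INTO l_count;
  RETURN l_count;
END;
/

-- SAFE: the statement text is constant; the input travels as a bind variable (:name)
-- and is treated only as a value to compare against, never parsed as SQL.
CREATE OR REPLACE FUNCTION count_by_name (p_name IN VARCHAR2) RETURN NUMBER IS
  l_count NUMBER;
BEGIN
  EXECUTE IMMEDIATE 'SELECT COUNT(*) FROM emp WHERE ename = :name'
    INTO l_count USING p_name;
  RETURN l_count;
END;
/

-- Bind variables cannot stand in for identifiers (table or column names). When an
-- identifier really must come from the caller, validate it with DBMS_ASSERT first;
-- SIMPLE_SQL_NAME raises ORA-44003 for anything that is not a valid SQL name.
CREATE OR REPLACE FUNCTION count_rows (p_table IN VARCHAR2) RETURN NUMBER IS
  l_count NUMBER;
BEGIN
  EXECUTE IMMEDIATE
    'SELECT COUNT(*) FROM ' || DBMS_ASSERT.SIMPLE_SQL_NAME(p_table)
    INTO l_count;
  RETURN l_count;
END;
/

-- Demonstration with a constructed payload (run with SET SERVEROUTPUT ON).
DECLARE
  l_payload VARCHAR2(100) := 'nobody'' OR ''1''=''1';
BEGIN
  -- unsafe: the OR clause is executed, so this returns the count of every row in EMP
  DBMS_OUTPUT.PUT_LINE('unsafe: ' || count_by_name_unsafe(l_payload));
  -- safe: the whole payload is compared as a literal name, so this returns 0
  DBMS_OUTPUT.PUT_LINE('safe:   ' || count_by_name(l_payload));
  -- identifier path: a plain table name passes validation
  DBMS_OUTPUT.PUT_LINE('rows:   ' || count_rows('emp'));
  -- identifier path: an injection attempt is rejected before any SQL is built
  BEGIN
    DBMS_OUTPUT.PUT_LINE(count_rows('emp; DROP TABLE emp'));
  EXCEPTION
    WHEN OTHERS THEN
      DBMS_OUTPUT.PUT_LINE('rejected: ' || SQLERRM);
  END;
END;
/
```

Two points worth keeping in mind when applying this across many applications, as the question asks. First, static SQL inside PL/SQL (a plain SELECT ... INTO that references a PL/SQL variable) is always bound by the compiler, so the risk arises only in dynamic SQL built by string concatenation: EXECUTE IMMEDIATE, DBMS_SQL and OPEN ... FOR with a concatenated string. Second, a package that strips or rejects "dangerous" characters does not give the same guarantee as binding, because a legitimate value such as O'Brien contains a quote and a malicious value may contain none; binding removes the need to decide.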
A: 

Yes, exactly. For example, if a user enters input text with some unauthorized symbols like single quote, &, @ etc. etc., we have to make sure that only authorized symbols are allowed. This can be achieved by validating user input on the client side, but we need this to be used globally across all 20 different applications. That's the reason we opted for a PL/SQL package to be used across all the different applications with different technologies.

I am just wondering whether someone might have already written code for it, so there is no need to reinvent the wheel again! Please let me know if you come across a similar package.