Is there any PL/SQL package which is already written to handle all the scenarios which prevents SQL injection? Please let me know if anyone is aware of such a package.
Thanks for your help
Just use prepared statements in PL/SQL. That will protect against SQL injections.
It sounds more like you want an ORM for applications that use the database more than a PostgreSQL package. Or at least encapsulate your code in a function to provide parameterization.
Think about it this way. SQL injection works by turning invalid input into malicious (but valid) SQL. How would the database be able to determine anything else as far as whether or not it's valid SQL? And if it could tell otherwise in all cases, why wouldn't it just do that by default instead of requiring you to use a certain package?
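An added example, not part of any post in this thread, of the parameterization the replies above describe. It assumes Oracle PL/SQL; the table `app_users` and the function names are hypothetical, and `DBMS_ASSERT` is the Oracle-supplied package for the one case where a bind variable cannot be used (identifiers).

```sql
-- Constructed sample table and row for this example (hypothetical names).
CREATE TABLE app_users (username VARCHAR2(30), email VARCHAR2(100));
INSERT INTO app_users VALUES ('o''brien', 'ob@example.com');

-- Weak: the input becomes part of the statement text, so a quote inside
-- p_name changes the structure of the query instead of being matched as data.
CREATE OR REPLACE FUNCTION count_users_concat(p_name IN VARCHAR2)
  RETURN NUMBER
IS
  v_count NUMBER;
BEGIN
  EXECUTE IMMEDIATE
    'SELECT COUNT(*) FROM app_users WHERE username = ''' || p_name || ''''
    INTO v_count;
  RETURN v_count;
END;
/

-- Hardened: the statement text is constant and the value travels as a bind
-- variable. Static SQL inside PL/SQL binds its variables the same way.
CREATE OR REPLACE FUNCTION count_users_bound(p_name IN VARCHAR2)
  RETURN NUMBER
IS
  v_count NUMBER;
BEGIN
  EXECUTE IMMEDIATE
    'SELECT COUNT(*) FROM app_users WHERE username = :name'
    INTO v_count
    USING p_name;
  RETURN v_count;
END;
/

-- Table and column names cannot be bound. When one must come from input,
-- DBMS_ASSERT.SIMPLE_SQL_NAME raises an error unless it is a plain identifier.
CREATE OR REPLACE FUNCTION count_rows(p_table IN VARCHAR2)
  RETURN NUMBER
IS
  v_count NUMBER;
BEGIN
  EXECUTE IMMEDIATE
    'SELECT COUNT(*) FROM ' || DBMS_ASSERT.SIMPLE_SQL_NAME(p_table)
    INTO v_count;
  RETURN v_count;
END;
/
```

Calling `count_users_bound` with the legitimate name `o'brien` matches the row as data, while `count_users_concat` fails on the same input because the quote breaks the statement text; a symbol filter would have to reject that name outright.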
Yes, exactly. For example, if a user enters input text with some unauthorized symbols like single quote, &, @, etc., we have to make sure that only authorized symbols are allowed. This can be achieved by validating user input on the client side, but we need this to be used globally across all 20 different applications. That's the reason we opted for a PL/SQL package to be used across all the different applications with different technologies.
I am just wondering whether someone might have written code for it, so there is no need to reinvent the wheel! Please let me know if you come across a similar package.