Sanitizing input for heavydb
Hello, I'm new here in HEAVY.AI community forum.
I have a question. What is the best practice for sanitizing input (queries) sent to heavydb? Should I use something like PHP's mysql_real_escape_string for it? I am currently using a Python 3 script, which I will call from PHP.
Sincerely, Tsubasa Kato
CEO at Inspire Search Corporation
-
It's been a year and no one has answered, so I'll throw in my own personal practices, which aren't really specific to HEAVY.AI. `mysql_real_escape_string` isn't really very safe, even for PHP/MySQL platforms. There is no parameter-binding option for HEAVY.AI that I've found either.
Here are some tips:
1) For user generated queries, make sure that your database `user` has only read access to a table.
2) Whitelist acceptable input parameters, or create parameters based on the inputs you received, but don't simply insert outside inputs.
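The following is an added example illustrating the second tip in Python 3 (the language the question mentions); it is not code from either poster and is not a HEAVY.AI API. Since no parameter binding is available, the approach is to never escape outside input at all: table and column names must appear in a constructed allowlist (`ALLOWED_TABLES`, a hypothetical schema), operators must come from a fixed set, and literal values are rendered only when they have a known type and, for strings, match a narrow character class. Anything else raises `QueryValidationError` and never reaches the database. The `conn` in the main block is an assumed read-only connection and is left unexecuted.

```python
import math
import re
from datetime import date

# Constructed allowlist (hypothetical schema): table -> columns a user request may touch.
ALLOWED_TABLES = {
    "flights": {"origin", "dest", "dep_delay", "flight_date"},
}
ALLOWED_OPS = {"=", "<>", "<", ">", "<=", ">="}
# Identifiers must be plain words; quotes, semicolons and comment markers cannot pass.
IDENT_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")
# String literals are restricted to a narrow character class instead of being escaped.
STRING_VALUE_RE = re.compile(r"[A-Za-z0-9 _.\-]{1,64}")
MAX_LIMIT = 1000


class QueryValidationError(ValueError):
    """Raised when an outside input does not match the allowlist."""


def _check_identifier(name, allowed, kind):
    """Accept a name only if it is a plain identifier AND present in the allowlist."""
    if not (isinstance(name, str) and IDENT_RE.fullmatch(name) and name in allowed):
        raise QueryValidationError(f"{kind} not permitted: {name!r}")
    return name


def _render_value(value):
    """Render a literal only for types we know how to serialise safely."""
    if isinstance(value, bool):  # bool is a subclass of int; handle it before the int path
        return "TRUE" if value else "FALSE"
    if isinstance(value, int):
        return str(value)
    if isinstance(value, float):
        if not math.isfinite(value):
            raise QueryValidationError("non-finite float")
        return repr(value)
    if isinstance(value, date):  # datetime is a subclass of date, so it is covered too
        return f"DATE '{value.isoformat()}'"
    if isinstance(value, str):
        if not STRING_VALUE_RE.fullmatch(value):
            raise QueryValidationError(f"string value not permitted: {value!r}")
        return f"'{value}'"
    raise QueryValidationError(f"unsupported value type: {type(value).__name__}")


def build_select(table, columns, filters=(), limit=100):
    """Build a SELECT from validated pieces. `filters` is a sequence of (column, op, value)."""
    table = _check_identifier(table, ALLOWED_TABLES, "table")
    allowed_cols = ALLOWED_TABLES[table]
    if not columns:
        raise QueryValidationError("at least one column is required")
    cols = [_check_identifier(c, allowed_cols, "column") for c in columns]
    clauses = []
    for col, op, value in filters:
        col = _check_identifier(col, allowed_cols, "column")
        if op not in ALLOWED_OPS:
            raise QueryValidationError(f"operator not permitted: {op!r}")
        clauses.append(f"{col} {op} {_render_value(value)}")
    if isinstance(limit, bool) or not isinstance(limit, int) or not 1 <= limit <= MAX_LIMIT:
        raise QueryValidationError(f"limit out of range: {limit!r}")
    sql = f"SELECT {', '.join(cols)} FROM {table}"
    if clauses:
        sql += " WHERE " + " AND ".join(clauses)
    return sql + f" LIMIT {limit}"


def is_accepted(table, columns, filters=(), limit=100):
    """True if the request passes validation, False if it would be rejected."""
    try:
        build_select(table, columns, filters, limit)
        return True
    except QueryValidationError:
        return False


if __name__ == "__main__":
    # Constructed request; `conn` would be a heavyai connection opened as the read-only user.
    query = build_select(
        "flights",
        ["origin", "dest"],
        [("dep_delay", ">", 30), ("origin", "=", "SFO"), ("flight_date", ">=", date(2024, 1, 1))],
    )
    print(query)
    # conn.execute(query)  # assumed connection, not part of this example
```

Pairing this with the first tip (a database user that can only read the exposed tables) means that even a validation bug is bounded by what that user is permitted to do.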