Sanitizing input for heavydb


1 comment

  • Avatar
    David Cruz

    It's been a year and no one has answered, so I'll throw in my own personal practices, which aren't really specific to HEAVY.AI. `mysql_real_escape_string` isn't really very safe, even for PHP/MySQL platforms. There is no parameter bindings option for HEAVY.AI that I've found either.

    Here's some tips:
    1) For user generated queries, make sure that your database `user` has only read access to a table.
    2) White list acceptable input parameters or create parameters based on the inputs you received, but don't simply insert outside inputs.

    Comment actions Permalink

Please sign in to leave a comment.