Before deciding against using BASH for this CGI, I went through the paces of injection denial and found something cool.
BASH supports regex now(as of 3.0 I think).
Commands like this work great:
[mcotner@xyz:~]$ select='SELECT boogie'
[mcotner@xyz:~]$ delete='DELETE boogie'
[mcotner@xyz:~]$ if [[ $select =~ '^SELECT' || $select =~ '^SHOW' ]]; then echo 'yea'; fi
yea
Should be very handy in the future even though I'm not going to use it for this project.
No comments:
Post a Comment