Kurinchi Blogger Scribbles … » Blog Archive » SQL Injection: Whitelist validation vs. blacklist validation

SQL Injection: Whitelist validation vs. blacklist validation

Whitelist validation refers to data validation techniques that accept only known-good input: checking the data type, data length, input range, and the format of the data (e.g. a phone number will be ten digits separated by hyphens in the format nnn-nnn-nnnn). Regular expressions may be used to validate input formats.

Blacklist validation refers to rejecting data based on a known-bad list filter. It is not a powerful solution, because the list of possible exclusions is long and it is difficult to cover every scenario. Blacklist validation should be used in conjunction with whitelist validation; where whitelist validation cannot be applied, blacklist validation should at least be implemented.
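The two approaches side by side, as an added Python example that is not code from the original post: the phone format nnn-nnn-nnnn comes from the text, while the age range, the comment length limit and the known-bad token list are assumptions chosen for illustration.

```python
import re

# Whitelist rules: each field states exactly what is acceptable.
PHONE_RE = re.compile(r"[0-9]{3}-[0-9]{3}-[0-9]{4}")  # format nnn-nnn-nnnn
MAX_COMMENT_LEN = 200                                   # assumed length limit
AGE_RANGE = range(0, 131)                               # assumed input range

# Blacklist: a known-bad list, always incomplete (constructed sample).
KNOWN_BAD = ("'", '"', ";", "--", "/*", "union", "select", "drop")


def valid_phone(value):
    """Whitelist by format: the whole string must match nnn-nnn-nnnn."""
    return isinstance(value, str) and PHONE_RE.fullmatch(value) is not None


def valid_age(value):
    """Whitelist by data type and range: ASCII digits only, then bounds."""
    if not (isinstance(value, str) and re.fullmatch(r"[0-9]{1,3}", value)):
        return False
    return int(value) in AGE_RANGE


def passes_blacklist(value):
    """Blacklist: reject only if a known-bad token appears."""
    lowered = value.lower()
    return not any(token in lowered for token in KNOWN_BAD)


def valid_comment(value):
    """Free text cannot be whitelisted by format: cap the length, then
    fall back to the blacklist, as the text recommends for such fields."""
    return (isinstance(value, str)
            and 0 < len(value) <= MAX_COMMENT_LEN
            and passes_blacklist(value))


if __name__ == "__main__":
    # Constructed inputs for the phone field.
    for sample in ("555-123-4567", "555-123-4567 OR 1=1", "5551234567"):
        print(f"{sample!r}: whitelist={valid_phone(sample)} "
              f"blacklist={passes_blacklist(sample)}")
```

The second sample passes the blacklist because none of its tokens are on the list, yet the whitelist rejects it for not matching the format; the blacklist also rejects harmless text such as "please select one".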


Written by kurinchilamp

