Sanitizing forms in vibe.d. How?

Bauss via Digitalmars-d-learn digitalmars-d-learn at puremagic.com
Mon Dec 12 06:53:25 PST 2016


On Monday, 12 December 2016 at 10:25:05 UTC, aberba wrote:
> On Monday, 12 December 2016 at 00:42:54 UTC, Nicholas Wilson 
> wrote:
>> On Sunday, 11 December 2016 at 18:30:54 UTC, aberba wrote:
>
>> You can enforce that the string that you receive is an email 
>> address with `isEmail` from `std.net.isemail`
>
> Nice.
>
>> What SQL library are you using? There is probably a function 
>> in that somewhere, that does sanitisation, or use prepared 
>> statements.
>
> Will look into that. Currently planning to use mysql-lited (not 
> sure which one is more capable though)
>
>
>
> How about an alternative to PHP's strip_tags(), strip_slash()?

With vibe.d I would definitely go with mysql-native instead since 
it's already compatible with it.

See: https://github.com/mysql-d/mysql-native

vibe.d and D in general don't suffer from the same things PHP 
does when it comes to sanitizing.

As long as you use prepared statements, then you won't suffer 
from it.

It's much safer to validate data than to sanitize it. That way you 
don't get garbage either.
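
The "validate rather than sanitize" advice above, as an added example that is not part of the original post and not code from vibe.d or mysql-native: raw form values are checked using Phobos only and are either accepted unchanged or rejected, never stripped or rewritten. The `Signup` struct, its field names and the length limits are assumptions.

```d
import std.algorithm : all;
import std.ascii : isAlphaNum;
import std.conv : ConvException, to;
import std.net.isemail : isEmail;
import std.stdio : writeln;

/// Hypothetical typed result of a signup form (names are assumptions).
struct Signup
{
    string username;
    string email;
    ubyte age;
}

/// Returns a list of validation errors; `result` is only filled in when
/// the list is empty. Input is never modified to make it "fit".
string[] validateSignup(string username, string email, string age,
                        out Signup result)
{
    string[] errors;

    // Allow-list: 3 to 32 ASCII letters, digits or underscores.
    if (username.length < 3 || username.length > 32
        || !username.all!(c => isAlphaNum(c) || c == '_'))
        errors ~= "username: 3-32 characters from [A-Za-z0-9_]";

    // Syntax check only (no DNS lookup) via std.net.isemail.
    if (email.length == 0 || email.length > 254 || !isEmail(email).valid)
        errors ~= "email: not a valid address";

    // Parse into the target type instead of keeping the raw string.
    ubyte parsedAge;
    try { parsedAge = age.to!ubyte; }
    catch (ConvException e) { errors ~= "age: whole number from 0 to 255"; }

    if (errors.length == 0)
        result = Signup(username, email, parsedAge);
    return errors;
}

void main()
{
    Signup s;
    // Constructed sample inputs: one well-formed, one with markup and junk.
    writeln(validateSignup("aberba_1", "user@example.com", "27", s));
    writeln(validateSignup("<b>x</b>", "not-an-email", "abc", s));
}
```

The fields of an accepted `Signup` would then be bound as parameters of a prepared statement (for instance `INSERT INTO users (username, email, age) VALUES (?, ?, ?)`, with a hypothetical `users` table) rather than concatenated into the SQL text.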

