WebApp Sec mailing list archives

Re: SQL Injection


From: <athena () buyukada co uk>
Date: Thu, 17 Jun 2004 15:26:06 +0100 (BST)

<delurk>
Ok, this is a little simplistic but what the hell. I'm going to
use C, simply because it's fairly clear as to what's going on here, even
though really this is the wrong language to do it in. Consider the following
function (and let's just pretend that really it's a web app function somewhere
in an include).

#include <stdio.h>

/* Trusts both arguments completely: nothing checks what bar or id contain. */
int foo(char *bar, int id){
    printf("Your baltac was %s and you did %i Hello Yvettes\n", bar, id);
    return 0;
}

It's hideously insecure for a number of reasons. The most fundamental
issue is the fact that this function trusts whatever's been passed to it.
What we need to do is something like this:

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct { char *bar; int id; } bartok;

/* Assumed definition of validate(): 0 if every character of s is in the
 * expected set, non-zero otherwise (strspn stops at the first stray byte). */
int validate(const char *s, const char *expectedInput){
    return s[strspn(s, expectedInput)] == '\0' ? 0 : 1;
}

bartok *foo(char *bar, int id){
    char *expectedInput;
    char idText[16];
    bartok *baltac;

    expectedInput = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
    if (validate(bar, expectedInput) != 0){
        return NULL;
    }

    /* check the id in its textual form, so a sign or any other non-digit is rejected */
    expectedInput = "0123456789";
    snprintf(idText, sizeof idText, "%d", id);
    if (validate(idText, expectedInput) != 0){
        return NULL;
    }

    baltac = malloc(sizeof *baltac);
    if (baltac == NULL){
        return NULL;
    }
    baltac->bar = bar;
    baltac->id = id;

    printf("Your baltac was %s and you did %i Hello Yvettes\n", bar, id);
    return baltac;    /* the caller owns this and must free() it */
}

Let's assume that in this case a simple check to ensure only expected
characters provides a suitable level of validation for what we want to do.

In the case above, foo doesn't need to validate the return value of the
validate function because we know validate will return specific values.
We know the foo() function will return a NULL if the validation fails and
a pointer if it's ok. The calling function can then take action on a NULL
and validate it if it isn't.
We MIGHT want to validate the return value of foo as it's a pointer to
baltac - other operations performed on the values of baltac.foo and
baltac.id might result in the contents no longer matching the expectedInput.

IMHO you should validate whenever you're uncertain of the contents, be it
in a function, a form field or whatever.
Just my 0.02 groats,

Steve
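The allow-list check described in the post, worked through on constructed web-form input. This is an added example, not code from the original message: the struct layout, the field names, the size limits and the percent_decode() step are all assumptions. It also covers the point about later operations on the values: the name is decoded first and validated afterwards, since an allow-list check run on the raw, still-encoded form can pass bytes that only appear after decoding.

```c
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed limits and allow-lists for this example; not from the original post. */
#define NAME_MAX_LEN 32
#define RAW_MAX_LEN (NAME_MAX_LEN * 3)   /* "%XX" per decoded byte at worst */

static const char NAME_ALLOWED[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
static const char ID_ALLOWED[]   = "0123456789";

struct baltac {
    char name[NAME_MAX_LEN + 1];
    int  id;
};

/* Returns 0 if s is non-empty, at most max_len bytes, and every byte is in
 * allowed; otherwise 1. strspn stops at the first byte outside the set. */
int validate(const char *s, const char *allowed, size_t max_len)
{
    size_t len;
    if (s == NULL)
        return 1;
    len = strlen(s);
    if (len == 0 || len > max_len)
        return 1;
    return s[strspn(s, allowed)] == '\0' ? 0 : 1;
}

/* Decodes %XX escapes in place. Returns 0, or 1 if an escape is malformed.
 * This is the kind of "later operation" that can change validated contents. */
int percent_decode(char *s)
{
    char *out = s;
    while (*s) {
        if (*s == '%') {
            char hex[3];
            if (!isxdigit((unsigned char)s[1]) || !isxdigit((unsigned char)s[2]))
                return 1;
            hex[0] = s[1]; hex[1] = s[2]; hex[2] = '\0';
            *out++ = (char)strtol(hex, NULL, 16);
            s += 3;
        } else {
            *out++ = *s++;
        }
    }
    *out = '\0';
    return 0;
}

/* Turns two raw form fields into a baltac. Returns 0 and fills *out on
 * success, -1 if either field fails validation. The name is validated
 * only AFTER decoding, so an escape cannot smuggle a byte past the check. */
int parse_baltac(const char *raw_name, const char *raw_id, struct baltac *out)
{
    char name[RAW_MAX_LEN + 1];
    char *end;
    long v;

    if (raw_name == NULL || raw_id == NULL || out == NULL)
        return -1;
    if (strlen(raw_name) > RAW_MAX_LEN)
        return -1;
    strcpy(name, raw_name);
    if (percent_decode(name) != 0)
        return -1;
    if (validate(name, NAME_ALLOWED, NAME_MAX_LEN) != 0)
        return -1;

    /* Digits only (no sign, spaces or ';'), then a range check so the
     * value also fits the int field. */
    if (validate(raw_id, ID_ALLOWED, 10) != 0)
        return -1;
    errno = 0;
    v = strtol(raw_id, &end, 10);
    if (errno == ERANGE || *end != '\0' || v > INT_MAX)
        return -1;

    strcpy(out->name, name);
    out->id = (int)v;
    return 0;
}

/* Verdict only: 1 if the pair is accepted, 0 if rejected. */
int accepts(const char *raw_name, const char *raw_id)
{
    struct baltac b;
    return parse_baltac(raw_name, raw_id, &b) == 0;
}

int main(void)
{
    /* Constructed sample inputs: a benign pair and two injection attempts. */
    const char *tests[][2] = {
        { "ALICE", "42" },
        { "%27%20OR%201%3D1", "42" },
        { "ALICE", "1; DROP TABLE users" },
    };
    size_t i;
    for (i = 0; i < sizeof tests / sizeof tests[0]; i++)
        printf("%-20s %-22s -> %s\n", tests[i][0], tests[i][1],
               accepts(tests[i][0], tests[i][1]) ? "accepted" : "rejected");
    return 0;
}
```

The same check run before decoding would accept "%27OR" against an allow-list that includes '%' and digits, and the decoded value "'OR" would then reach the query; validating after the transformation closes that gap, which is the "might result in the contents no longer matching" case from the post.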


