My server app uses prepared statements in almost all cases, to prevent SQL injection. Nevertheless, a possibility is needed for providing special users with the ability to execute raw SELECT queries.
How can I more or less securely make sure the query does not modify the database? Is it possible to execute a query read-only, or is there any other 'secure' way of making sure no one tries any SQL injection? (Using sqlite3, so I cannot use any privileges)
Thanks a lot!
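One way to enforce this with Python's sqlite3 module, added here as an illustration and not part of the original question (the database file, table and query strings are constructed for the example): open the file with `mode=ro` so the VFS refuses writes, install an authorizer that denies every action except SELECT/READ, and execute only one statement per call so stacked statements are rejected.

```python
import os
import sqlite3
import tempfile

# Constructed sample schema so the example runs offline.
SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT);
INSERT INTO users VALUES (1, 'alice', 'admin'), (2, 'bob', 'analyst');
"""

# Actions a read-only reporting user may perform. INSERT, UPDATE, DELETE,
# DROP, ATTACH, PRAGMA and everything else are denied at compile time.
ALLOWED_ACTIONS = {sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ, sqlite3.SQLITE_FUNCTION}

def read_only_authorizer(action, arg1, arg2, db_name, trigger_or_view):
    return sqlite3.SQLITE_OK if action in ALLOWED_ACTIONS else sqlite3.SQLITE_DENY

def build_sample_db(path):
    with sqlite3.connect(path) as conn:
        conn.executescript(SCHEMA)

def open_readonly_connection(db_path):
    # Layer 1: read-only at the file level; a write raises "readonly database".
    conn = sqlite3.connect(f"file:{db_path}?mode=ro", uri=True)
    # Layer 2: the authorizer also blocks ATTACH/PRAGMA, which mode=ro alone allows.
    conn.set_authorizer(read_only_authorizer)
    return conn

def run_user_query(conn, sql):
    """Run one user-supplied statement; return (rows, error_message)."""
    try:
        # execute() refuses more than one statement, so "SELECT 1; DROP ..." fails.
        return conn.execute(sql).fetchall(), None
    except (sqlite3.DatabaseError, sqlite3.Warning) as exc:
        return None, str(exc)

def demo():
    path = os.path.join(tempfile.mkdtemp(), "app.db")
    build_sample_db(path)
    conn = open_readonly_connection(path)
    results = {
        "select": run_user_query(conn, "SELECT name FROM users ORDER BY id"),
        "delete": run_user_query(conn, "DELETE FROM users"),
        "stacked": run_user_query(conn, "SELECT 1; DROP TABLE users"),
        "attach": run_user_query(conn, "ATTACH DATABASE 'other.db' AS x"),
    }
    conn.close()
    return results
```

Note that this limits what a query can change, not how much work it can do; a deliberately expensive SELECT still needs a timeout or a progress handler.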