I'm looking to whitelist user inputs before they are entered in my Oracle database. I have a (sloppy) method called cleanString(String param, String stringToClean).
Based on the param, the string is cleaned with replaceAll(). Note: there are a lot of different Strings.
Example:
    if (param.equals("title")) {
        // Strip everything except letters, '-', '&', ',' and whitespace.
        retVal = stringToClean.replaceAll("[^a-zA-Z-&,\\s]", "");
    }
Instead of going through every single possibility, are there Java regexes out there that pertain to data_types in an Oracle database? I have been missing inputs here and there because the regexes are not perfect.
i.e.
a regex that matches varchar2(255byte), one that matches varchar(20 byte), numbers, dates, etc. etc.
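One way to check inputs against column definitions rather than per-field regexes, as an added example that is not part of the original post: it tests whether a value fits VARCHAR2(n BYTE), NUMBER(p,s) or a date format, and rejects the value instead of stripping characters from it. The class and method names are hypothetical, and it assumes an AL32UTF8 database character set and yyyy-MM-dd date input.

```java
import java.math.BigDecimal;
import java.nio.charset.StandardCharsets;
import java.time.LocalDate;
import java.time.format.DateTimeFormatter;
import java.time.format.DateTimeParseException;
import java.time.format.ResolverStyle;

// Hypothetical helper: validates a value against an Oracle column definition.
public class ColumnValidator {
    private static final DateTimeFormatter ISO_DAY =
            DateTimeFormatter.ofPattern("uuuu-MM-dd").withResolverStyle(ResolverStyle.STRICT);

    // VARCHAR2(n BYTE) limits encoded bytes, not characters.
    // Assumption: the database character set is AL32UTF8 (UTF-8).
    static boolean fitsVarchar2Bytes(String s, int maxBytes) {
        return s != null && s.getBytes(StandardCharsets.UTF_8).length <= maxBytes;
    }

    // NUMBER(p, s): at most p - s integer digits and s fraction digits.
    // Oracle would round extra fraction digits; this check rejects them instead.
    static boolean fitsNumber(String s, int precision, int scale) {
        if (s == null || !s.matches("-?\\d+(\\.\\d+)?")) return false;
        BigDecimal n = new BigDecimal(s).stripTrailingZeros();
        if (n.signum() == 0) return true;
        return n.scale() <= scale && n.precision() - n.scale() <= precision - scale;
    }

    // Strict parsing rejects impossible dates such as 2023-02-30.
    static boolean isDate(String s) {
        if (s == null) return false;
        try {
            LocalDate.parse(s, ISO_DAY);
            return true;
        } catch (DateTimeParseException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs.
        String accented = "\u00e9".repeat(128); // 128 characters, 256 bytes in UTF-8
        System.out.println("varchar2(255 byte): " + fitsVarchar2Bytes(accented, 255));
        System.out.println("number(5,2) 123.45: " + fitsNumber("123.45", 5, 2));
        System.out.println("number(5,2) 1234.5: " + fitsNumber("1234.5", 5, 2));
        System.out.println("date 2023-02-30: " + isDate("2023-02-30"));
    }
}
```

Checks like these only confirm that a value fits its column; the insert itself should still pass the value through a PreparedStatement bind variable rather than string concatenation.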