TheMortiestMorty

Reputation: 705

How do I safely take in user input to build another string in my Flutter app?

I need to safely prepare a string that uses user input. I'm using a Flutter package called sql_conn to communicate with a SQL database. This is a temporary solution until we build a web server to take in all calls.

This is an example of how a SQL request is sent:

var connectionAllowedResult = await SqlConn.readData("declare @Allowed bit declare @Status nvarchar(4000) exec spHandheldConnectionAllowed '$username', '$ipAddress', '$dbName', @Allowed output, @Status output");

How do I safely prepare this so that a user can't maliciously insert their own SQL statement?

Upvotes: 0

Views: 44

Answers (1)

Mason

Reputation: 4735

The package validation_chain on pub.dev might help you out. There are great examples of using custom functions to provide validation.

Doing input validation when the user inputs the field and before the SQL statement would be a start.

Another suggestion is to use types that disallow improper input. Instead of storing the IP address as a string, store it as a list of 4 ints, etc.

Upvotes: 0
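
One way to apply the validation and typed-input suggestions from the answer above to the question's call, as an added example that is not part of the original posts or of the sql_conn package. It assumes `SqlConn.readData` only accepts a finished SQL string, as in the question; the allow-list patterns and the names `tsqlLiteral` and `buildConnectionAllowedSql` are hypothetical.

```dart
import 'dart:io';

// Allow-lists are assumptions for this example; match them to your real rules.
final _usernameRe = RegExp(r'^[A-Za-z0-9._-]{1,64}$');
final _dbNameRe = RegExp(r'^[A-Za-z0-9_]{1,128}$');

/// Renders [value] as a T-SQL Unicode string literal. Inside the quotes the
/// only character that can end the literal is ', so it is doubled.
String tsqlLiteral(String value) {
  final escaped = value.replaceAll("'", "''");
  return "N'$escaped'";
}

/// Builds the batch from the question out of validated, escaped parts.
String buildConnectionAllowedSql({
  required String username,
  required String ipAddress,
  required String dbName,
}) {
  if (!_usernameRe.hasMatch(username)) {
    throw const FormatException('invalid username');
  }
  if (!_dbNameRe.hasMatch(dbName)) {
    throw const FormatException('invalid database name');
  }
  // Parse into a typed address and re-serialise it, so free-form text
  // never stands in for the IP address.
  final ip = InternetAddress.tryParse(ipAddress);
  if (ip == null) {
    throw const FormatException('invalid IP address');
  }
  return 'declare @Allowed bit declare @Status nvarchar(4000) '
      'exec spHandheldConnectionAllowed '
      '${tsqlLiteral(username)}, ${tsqlLiteral(ip.address)}, '
      '${tsqlLiteral(dbName)}, @Allowed output, @Status output';
}

void main() {
  // Constructed inputs: a benign set, a name with a quote, a rejected username.
  print(buildConnectionAllowedSql(
      username: 'jsmith', ipAddress: '10.0.0.5', dbName: 'Warehouse'));
  print(tsqlLiteral("O'Brien")); // the quote stays inside the literal
  try {
    buildConnectionAllowedSql(
        username: "bob' --", ipAddress: '10.0.0.5', dbName: 'Warehouse');
  } on FormatException catch (e) {
    print('rejected: ${e.message}');
  }
}
```

Pass the returned string to `SqlConn.readData` in place of the interpolated one. Allow-listing plus quote doubling is the fallback for an API that takes only raw SQL; once the planned web server exists, bind these values as parameters there instead.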
