
Preventing SPARQL injection

From: Angelo Veltens <angelo.veltens@online.de>
Date: Sat, 27 Mar 2010 13:10:35 +0100
Message-ID: <4BADF5BB.8030208@online.de>
To: "public-lod@w3.org" <public-lod@w3.org>

Hi all,

My name is Angelo Veltens. I'm studying computer science in Germany. I
am using the Jena framework with SDB for a student research project.

I'm just wondering how to prevent SPARQL injections. It seems to me
that I have to build my queries from plain strings and do the sanitizing
on my own. Isn't there something like prepared statements as in
SQL/JDBC? This would be less risky.

Kind regards,
Angelo Veltens
Received on Monday, 29 March 2010 14:46:52 UTC
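
The contrast the message asks about, as an added example that is not part of the original post: a query built by string concatenation next to one bound through Jena's ParameterizedSparqlString. It assumes a current Apache Jena release (the org.apache.jena packages); the class name, sample data and input string are constructed for illustration.

```java
import org.apache.jena.query.*;
import org.apache.jena.rdf.model.*;

public class SparqlBindingDemo {
    static final String FOAF = "http://xmlns.com/foaf/0.1/";
    static final String PREFIX = "PREFIX foaf: <" + FOAF + "> ";

    // Constructed sample data: two people, each with a name and a mailbox.
    static Model sampleModel() {
        Model m = ModelFactory.createDefaultModel();
        Property name = m.createProperty(FOAF, "name");
        Property mbox = m.createProperty(FOAF, "mbox");
        m.createResource("http://example.org/alice")
            .addProperty(name, "Alice").addProperty(mbox, "alice@example.org");
        m.createResource("http://example.org/bob")
            .addProperty(name, "Bob").addProperty(mbox, "bob@example.org");
        return m;
    }

    // Runs a SELECT query against the model and counts the result rows.
    static int countRows(Model m, Query q) {
        try (QueryExecution qe = QueryExecutionFactory.create(q, m)) {
            ResultSet rs = qe.execSelect();
            int n = 0;
            while (rs.hasNext()) { rs.next(); n++; }
            return n;
        }
    }

    // Vulnerable: the value is spliced into the query text before parsing,
    // so a quote in the value ends the literal and the rest is parsed as syntax.
    static Query concatenated(String userName) {
        return QueryFactory.create(PREFIX
            + "SELECT ?mbox WHERE { ?p foaf:name \"" + userName + "\" ; foaf:mbox ?mbox }");
    }

    // Parameterized: ?name is replaced by an escaped string literal,
    // so the whole value is matched as data.
    static Query parameterized(String userName) {
        ParameterizedSparqlString pss = new ParameterizedSparqlString(
            PREFIX + "SELECT ?mbox WHERE { ?p foaf:name ?name ; foaf:mbox ?mbox }");
        pss.setLiteral("name", userName);
        return pss.asQuery();
    }

    public static void main(String[] args) {
        Model m = sampleModel();
        // Constructed input containing a double quote followed by query syntax.
        String input = "Alice\" . ?q foaf:mbox ?mbox } #";
        System.out.println("concatenated rows:  " + countRows(m, concatenated(input)));
        System.out.println("parameterized rows: " + countRows(m, parameterized(input)));
    }
}
```

ParameterizedSparqlString substitutes at the text level, so placeholders in the template should stand alone as terms and never sit inside a quoted string or an IRI.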
