On 2006-04-13 07:17:57 -0000 (Thu, Apr), susam_pal_at_yahoo.co.in wrote:
> I am writing some examples. Please tell me if these are the examples
> of Canonicalization.
>
> 1. When an web application gets parameters from a GET request or POST
> request, and if that parameter is going to be used as a part of an SQL
> query, then the programmer must take care to convert the single-quote
> (') to two single-quotes('') for Oracle Database in order to prevent
> SQL injection. Is this canonicalization?
>
> 2. Take a guestbook of a site. The feedback given is going to appear
> back in the web-page. Here we need to take care that things like
> "<font>" should be converted to ">font<" before it appears on
> the page. Is this a case of canonicalization?
I suppose, no. These are examples of ... err.. escaping or quoting.
Canonicalization would be, for example, ensuring that ' is changed
to single quote, or removing backslashes from places where they are not
needed - <f\ont> => <font>
See http://en.wikipedia.org/wiki/Canonicalization
--
No virus found in this outgoing message.
Checked by "grep -i virus $MESSAGE"
Trust me.
- application/pgp-signature attachment: stored
Received on Apr 14 2006
Intro
