I was trying to come up with a regex to fix or block (SQL injection); not sure how to write this properly. Should I be doing this in the form validation code (since this is a loginbox() process), or is it better practice to fix it in the SQL itself? I am really horrendous with regexes.
#want/need to add something to $user to test if it's invalid input
#next if $User(/^"*^';&<>()/);
#$User.'.'.';
#$Response->Write("Invalid Input");
my $sql = "SELECT Name,
UserID,
Passwd,
Class
FROM Users
WHERE UserID='$User';";
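Added example, not part of the original post: the same lookup done both ways the question asks about, with an allow-list check on the form value and a DBI placeholder in the SQL so the value is never spliced into the query string. The in-memory SQLite database (DBD::SQLite), the sample row, the `valid_user_id` and `lookup_user` helpers and the UserID character policy are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumption: in-memory SQLite stands in for the real database (needs DBD::SQLite).
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
                       { RaiseError => 1, PrintError => 0, AutoCommit => 1 });

# Constructed sample table and row, using the column names from the query above.
$dbh->do('CREATE TABLE Users (Name TEXT, UserID TEXT, Passwd TEXT, Class TEXT)');
$dbh->do('INSERT INTO Users VALUES (?, ?, ?, ?)', undef,
         'Alice Example', 'alice', 'placeholder-hash', 'staff');

# Form-side check (hypothetical policy): say what a UserID may contain,
# anchored with \A and \z, instead of listing characters to reject.
sub valid_user_id {
    my ($user) = @_;
    return defined $user && $user =~ /\A[A-Za-z0-9_.-]{1,32}\z/;
}

# SQL-side fix: the ? placeholder sends $user as data, so quotes and
# semicolons in it cannot alter the statement.
sub lookup_user {
    my ($dbh, $user) = @_;
    return unless valid_user_id($user);
    my $sth = $dbh->prepare(
        'SELECT Name, UserID, Passwd, Class FROM Users WHERE UserID = ?');
    $sth->execute($user);
    my $row = $sth->fetchrow_hashref;
    $sth->finish;
    return $row;
}

# Constructed inputs, two of them containing characters from the commented-out regex.
for my $input ('alice', "o'brien", 'bob;<x>&()') {
    my $row = lookup_user($dbh, $input);
    printf "%-12s => %s\n", $input,
        $row ? "found $row->{Name}" : 'rejected or no match';
}

# The placeholder alone is enough for query safety: a value with a quote
# is compared literally against UserID even without the regex check.
my $sth = $dbh->prepare('SELECT COUNT(*) FROM Users WHERE UserID = ?');
$sth->execute("o'brien");
my ($count) = $sth->fetchrow_array;
$sth->finish;
print "rows matched for the quoted value: $count\n";
$dbh->disconnect;
```

The placeholder is what keeps the query intact; the form-side check is there for input hygiene and clearer error messages.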