INTRODUCTION AND RELEVANT INFORMATION:
I have an edit control in which the user should enter a company name.
The edit control is locale aware.
PROBLEM:
I wish to properly protect it from SQL injection attacks and from the user entering nonsense characters.
MY EFFORTS TO SOLVE THE PROBLEM:
I was thinking of discarding colon and semicolon in my subclassing procedure in response to WM_CHAR, and of performing the validation again in response to EN_CHANGE. If a problem occurs I would inform the user and disable the "Save" button.
Since my application is locale aware, I need locale aware functions for testing the input character.
So far I have found IsCharAlpha and IsCharAlphaNumeric, which seem locale aware (my English is not the best so maybe I have misread the MSDN documentation, I apologize for that).
I have also searched here for similar questions but found none.
QUESTION:
Will discarding semicolon only do the trick, or do I need to take some other characters into consideration?
Am I on the "right track" with subclassing + EN_CHANGE, or is there a better way to achieve this? If there is, can you point me in the right direction?
Thank you.
Best regards.