The gist: SPARQL is a tokenized query protocol, so it is not ‘safe’ to build SPARQL queries by concatenating strings that may contain user-supplied input.
In SQL, this is called “SQL Injection”:
- CWE-89: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)
Lots of useful links here: http://www.reddit.com/r/semanticweb/comments/1lvbhe/best_practices_for_working_with_sparql_in/
More specifically: http://redd.it/1lvbhe#cc4111u
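To make the concatenation problem concrete, here is an added example (not code from this post or from the linked threads) that builds the same query by plain concatenation and by escaping the value per the SPARQL 1.1 string-literal and IRIREF grammar, then checks whether the literal the tokenizer sees is the value that was supplied. The helper names, the FOAF query and the sample inputs are constructed for illustration.

```python
import re

# SPARQL 1.1 ECHAR escapes: characters that must not appear raw inside "..."
_ESC = {"\\": "\\\\", '"': '\\"', "\n": "\\n", "\r": "\\r",
        "\t": "\\t", "\b": "\\b", "\f": "\\f"}
_UNESC = {v[1]: k for k, v in _ESC.items()}
# Characters the SPARQL IRIREF production forbids between < and >
_IRI_OK = re.compile(r'[^<>"{}|^`\\\x00-\x20]*')
NAME = "<http://xmlns.com/foaf/0.1/name>"  # assumed predicate for the demo


def sparql_literal(value: str) -> str:
    """Encode untrusted text as one double-quoted SPARQL string literal."""
    return '"' + "".join(_ESC.get(ch, ch) for ch in value) + '"'


def sparql_iri(value: str) -> str:
    """Wrap untrusted text as an IRI, rejecting anything that could end it."""
    if not _IRI_OK.fullmatch(value):
        raise ValueError("illegal character for a SPARQL IRI: %r" % value)
    return "<" + value + ">"


def build_naive(name: str) -> str:
    # Unsafe: the input is pasted between the quotes unchanged.
    return "SELECT ?p WHERE { ?p " + NAME + ' "' + name + '" }'


def build_escaped(name: str) -> str:
    return "SELECT ?p WHERE { ?p " + NAME + " " + sparql_literal(name) + " }"


def first_literal(query: str):
    """Decode the first "..." token as a SPARQL tokenizer would, or None."""
    m = re.search(r'"((?:[^"\\\n\r]|\\.)*)"', query)
    if m is None:
        return None
    unescape = lambda e: _UNESC.get(e.group(1), e.group(0))
    return re.sub(r"\\(.)", unescape, m.group(1))


def round_trips(build, value: str) -> bool:
    """True if the query's literal is exactly the value that was supplied."""
    return first_literal(build(value)) == value


if __name__ == "__main__":
    # Constructed sample inputs: plain, embedded quotes, trailing backslash, newline
    for v in ["Alice", 'Dwayne "The Rock" Johnson', "C:\\temp\\", "a\nb"]:
        print(repr(v), round_trips(build_naive, v), round_trips(build_escaped, v))
```

Where the client library offers variable binding or a parameterized query type, prefer that over hand-escaping; the escaper above shows what such a facility has to do for string literals and IRIs.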