| |||||||||||||
|
| |||||||||||||
Eliminating the problemEliminating the problemPosted Jun 1, 2006 14:42 UTC (Thu) by jschrod (subscriber, #1646)In reply to: Eliminating the problem by ncm Parent article: SQL injection vulnerabilities in PostgreSQL
But this approach immediately leads to problems in an international context -- because most often it leads to the ban of all non-ASCII characters in names or addresses, as we have experienced so often in the past. But I live in Rödermark, and not in Rodermark or Roedermark, and I want to input that properly. The same holds surely for folks from China or Japan.
Nah, IMNSHO prepared queries with parameters are the only proper way to go.
Cheers, Joachim
(Log in to post comments)
Eliminating the problem Posted Jun 2, 2006 2:45 UTC (Fri) by xoddam (subscriber, #2322) [Link] > The same holds surely for folks from China or Japan.Not to mention Iceland :-)
Eliminating the problem Posted Jun 9, 2006 9:25 UTC (Fri) by aquasync (subscriber, #26654) [Link] This shouldn't matter, the ö will be replaced with \ö, and then when evaluated as an part of an sql string, it should be turned back into ö (even if it was actually made up of multiple bytes).That is provided that the escape policy is to replace \[\a-z]|(0-9){3} or whatever with the relevant unescaped thing, and otherwise to just copy the character verbatim into the output string.
|
|
||||||||||||