Eliminating the problem
Posted Jun 1, 2006 14:42 UTC (Thu) by jschrod (subscriber, #1646)
In reply to: Eliminating the problem by ncm
Parent article: SQL injection vulnerabilities in PostgreSQL
But this approach immediately leads to problems in an international context -- because most often it leads to the ban of all non-ASCII characters in names or addresses, as we have experienced so often in the past. But I live in Rödermark, and not in Rodermark or Roedermark, and I want to input that properly. The same holds surely for folks from China or Japan.
Nah, IMNSHO prepared queries with parameters are the only proper way to go.
Cheers, Joachim
Eliminating the problem
Posted Jun 2, 2006 2:45 UTC (Fri) by xoddam (subscriber, #2322)
> The same holds surely for folks from China or Japan.
Not to mention Iceland :-)
Eliminating the problem
Posted Jun 9, 2006 9:25 UTC (Fri) by aquasync (guest, #26654)
This shouldn't matter, the ö will be replaced with \ö, and then when evaluated as a part of an SQL string, it should be turned back into ö (even if it was actually made up of multiple bytes).
That is provided that the escape policy is to replace \[\a-z]|(0-9){3} or whatever with the relevant unescaped thing, and otherwise to just copy the character verbatim into the output string.
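The two approaches argued over in this thread, side by side, as an added example that is not part of any poster's comment: an ASCII character whitelist versus a parameterized query. Python's built-in sqlite3 stands in for PostgreSQL here, and the table, function names and sample inputs are constructed for illustration.

```python
import re
import sqlite3

# Constructed sample inputs: non-ASCII town names and a quote-bearing string.
SAMPLES = ["Rödermark", "Reykjavík", "東京", "x'; DROP TABLE addresses; --"]

# Hypothetical "ban the dangerous characters" filter: ASCII letters, digits
# and a little punctuation only.
ASCII_ONLY = re.compile(r"[A-Za-z0-9 .,-]+")


def whitelist_accepts(value):
    """Character-filtering approach: reject anything outside the whitelist."""
    return ASCII_ONLY.fullmatch(value) is not None


def store_and_fetch(values):
    """Parameterized approach: the data never becomes part of the SQL text."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE addresses (town TEXT NOT NULL)")
    # The statement text is constant; the '?' placeholders carry the values.
    conn.executemany(
        "INSERT INTO addresses (town) VALUES (?)", [(v,) for v in values]
    )
    found = []
    for v in values:
        row = conn.execute(
            "SELECT town FROM addresses WHERE town = ?", (v,)
        ).fetchone()
        found.append(row[0] if row else None)
    # List the tables afterwards to confirm the schema is untouched.
    tables = [
        r[0]
        for r in conn.execute(
            "SELECT name FROM sqlite_master WHERE type = 'table'"
        )
    ]
    conn.close()
    return found, tables


if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), "whitelist accepts:", whitelist_accepts(s))
    found, tables = store_and_fetch(SAMPLES)
    print("round-tripped:", found)
    print("tables after inserts:", tables)
```

The whitelist turns away every legitimate non-ASCII name along with the quote-bearing string, while the parameterized statements store and retrieve all four values unchanged and leave the table in place.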