User: Password:
|
|
Subscribe / Log in / New account

Eliminating the problem

Eliminating the problem

Posted Jun 9, 2006 9:25 UTC (Fri) by aquasync (guest, #26654)
In reply to: Eliminating the problem by jschrod
Parent article: SQL injection vulnerabilities in PostgreSQL

This shouldn't matter, the ö will be replaced with \ö, and then when evaluated as an part of an sql string, it should be turned back into ö (even if it was actually made up of multiple bytes).
That is provided that the escape policy is to replace \[\a-z]|(0-9){3} or whatever with the relevant unescaped thing, and otherwise to just copy the character verbatim into the output string.


(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds