Strip Bad SQL Characters

Zvoni:

--- Quote from: MarkMLl on April 27, 2022, 09:30:59 am ---
--- Quote from: PascalDragon on April 27, 2022, 08:54:35 am ---
But it's the safest approach. What if you forgot to handle some character when manually removing or escaping characters? Also, the approach of removing characters as nugax does instead of escaping them is essentially modifying what the user provided, which, depending upon the use case, might simply be wrong.

--- End quote ---

I suppose we've got two different cases here. I was thinking more about locally-generated stuff (e.g. a complex script generating a complex query which needs to be debugged), while sanitising user input is another can of worms.

Obligatory XKCD: https://xkcd.com/327/

MarkMLl

--- End quote ---
Mark,
look at my link above.
It also explains the sqlite3_sql function (and the C binding for it is already in sqlite3.inc).