Deutsch English Français Italiano |
<v3lrkm$48om$8@dont-email.me> View for Bookmarking (what is this?) Look up another Usenet article |
Path: ...!3.eu.feeder.erje.net!feeder.erje.net!news2.arglkargh.de!news.mixmin.net!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail From: Lawrence D'Oliveiro <ldo@nz.invalid> Newsgroups: comp.arch Subject: Re: Byte Addressability And Beyond Date: Tue, 4 Jun 2024 01:45:58 -0000 (UTC) Organization: A noiseless patient Spider Lines: 15 Message-ID: <v3lrkm$48om$8@dont-email.me> References: <v0s17o$2okf4$2@dont-email.me> <v31c4r$3u28v$1@dont-email.me> <v327n3$1use$1@gal.iecc.com> <BM25O.40665$HBac.4762@fx15.iad> <v32lpv$1u25$1@gal.iecc.com> <v33bqg$9cst$11@dont-email.me> <v34v62$ln01$1@dont-email.me> <v36bva$10k3v$2@dont-email.me> <2024May29.090435@mips.complang.tuwien.ac.at> <cIG5O.25483$gKW1.4042@fx13.iad> <jwvcyp4veqj.fsf-monnier+comp.arch@gnu.org> <I5I5O.9419$czG6.9020@fx02.iad> <jwv1q5kvcnm.fsf-monnier+comp.arch@gnu.org> <1uJ5O.2$gn%7.1@fx12.iad> <2024May30.173537@mips.complang.tuwien.ac.at> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Injection-Date: Tue, 04 Jun 2024 03:45:58 +0200 (CEST) Injection-Info: dont-email.me; posting-host="d7d916175bb629e2353c22c0a9deb72e"; logging-data="140054"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX18V24FfmFXFW0WIcDbiYZ9X" User-Agent: Pan/0.158 (Avdiivka; ) Cancel-Lock: sha1:mWJM0JfSbRlX3dKI7a7zWQhVQw4= Bytes: 2091 On Thu, 30 May 2024 15:35:37 GMT, Anton Ertl wrote: > Actually what you check for is meta-characters like ; " '. They are all > ASCII, so as long as your code is 8-bit-clean, your SQL string sanitizer > needs to know nothing about UTF-8. According to the official spec, an SQL string literal is delimited by “"” characters, and an embedded double-quote is escaped by writing it twice: “""”. That’s it. Nothing else is special, so any other character/byte value in the string can be simply passed through as is. Of course, things like LIKE and REGEXP clauses are an entirely separate matter ...