From: Lawrence D'Oliveiro
Newsgroups: comp.arch
Subject: Re: Byte Addressability And Beyond
Date: Tue, 4 Jun 2024 01:45:58 -0000 (UTC)

On Thu, 30 May 2024 15:35:37 GMT, Anton Ertl wrote:

> Actually what you check for is meta-characters like ; " '. They are all
> ASCII, so as long as your code is 8-bit-clean, your SQL string sanitizer
> needs to know nothing about UTF-8.

According to the official spec, an SQL string literal is delimited by “"” characters, and an embedded double-quote is escaped by writing it twice: “""”. That’s it. Nothing else is special, so any other character/byte value in the string can be simply passed through as is.

Of course, things like LIKE and REGEXP clauses are an entirely separate matter ...
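The byte-level point in this exchange, as an added example that is not part of the original post: a quoting routine that doubles the delimiter byte and passes every other byte through without decoding, checked by letting SQLite parse the result. The function names and sample strings are constructed here. The delimiter is a parameter, and the SQLite check uses the single quote, which SQLite accepts as a string-literal delimiter.

```python
import sqlite3

def quote_literal(raw: bytes, delim: bytes = b"'") -> bytes:
    """Wrap raw bytes as an SQL string literal by doubling the delimiter byte.
    Purely byte-wise: nothing is decoded, every other byte value passes through."""
    if len(delim) != 1 or delim[0] >= 0x80:
        raise ValueError("delimiter must be a single ASCII byte")
    return delim + raw.replace(delim, delim + delim) + delim

def ascii_bytes_only_from_ascii_chars(text: str) -> bool:
    """UTF-8 property the quoted remark relies on: every byte of a multi-byte
    sequence is >= 0x80, so an ASCII byte can only come from an ASCII character."""
    for ch in text:
        enc = ch.encode("utf-8")
        if len(enc) > 1 and any(b < 0x80 for b in enc):
            return False
    return True

def round_trip(text: str) -> str:
    """Quote at the byte level, let SQLite parse the literal, return what it read."""
    sql = b"SELECT " + quote_literal(text.encode("utf-8"))
    conn = sqlite3.connect(":memory:")
    try:
        # sqlite3 wants str; the statement was built as UTF-8 bytes, so decode it back.
        return conn.execute(sql.decode("utf-8")).fetchone()[0]
    finally:
        conn.close()

# Constructed sample inputs mixing the ASCII meta-characters with multi-byte text.
SAMPLES = [
    "O'Reilly",
    "naïve ' ; \" -- café",
    "日本語'テスト''",
    "a'; SELECT 2; --",
]

def check_all() -> bool:
    """True when every sample survives quoting and parsing unchanged."""
    return all(
        ascii_bytes_only_from_ascii_chars(s) and round_trip(s) == s
        for s in SAMPLES
    )

if __name__ == "__main__":
    print(check_all())
```

In application code, bound parameters (`conn.execute("SELECT ?", (text,))`) avoid building the literal at all.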