[Opensource] Poll: How does your db handle single quotes?
Michael Rimov
rimovm at centercomp.com
Sat Jul 27 14:21:14 PDT 2002
Hey All,
Because of some SQL Injection protection code being checked in, we need to
be able to handle single quotes. I've created a filtering mechanism to
filter strings before they're sent to the database so that I can easily handle
different situations, but since I don't have every database out there
installed on my system, I could really use some feedback on what kind of
SQL transformation your database requires. Here's what I have so far:

Database: PostgreSQL & MySQL

Initial Character | Transformed to
------------------------------------------------------
'                 | \'
\                 | \\

Database: SapDB

Initial Character | Transformed to
------------------------------------------------------
'                 | ''

Can anybody give me some feedback for:
DB2,
Oracle,
MS SQL Server,
Hypersonic,
Sybase,
and any others I haven't mentioned that you use for your production
environment?
Thanks in advance!
-Mike
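
The two tables in the message above, written as a single-pass filter and checked against a real parser. This is an added example, not part of the original message or of the project's code. The function names and dialect keys are hypothetical, and SQLite is assumed as a stand-in for an engine that escapes a quote by doubling it.

```python
import sqlite3

# Escape tables copied from the post. The dialect keys and function names are
# chosen for this example only.
ESCAPES = {
    "postgresql": {"'": "\\'", "\\": "\\\\"},
    "mysql": {"'": "\\'", "\\": "\\\\"},
    "sapdb": {"'": "''"},
}

SAMPLE = "O'Brien\\"  # constructed input: one single quote, one backslash


def filter_string(value, dialect):
    """Apply one dialect's table in a single pass over the input.

    Chained str.replace() calls in the wrong order would re-escape the
    backslash that the quote rule just inserted; mapping each input
    character exactly once avoids that. An unlisted dialect raises KeyError
    instead of passing text through unfiltered.
    """
    table = ESCAPES[dialect]
    return "".join(table.get(ch, ch) for ch in value)


def round_trip_literal(value, dialect):
    """Embed the filtered value in a literal and let SQLite parse it.

    Returns the string the engine stored, or None if it rejects the statement.
    """
    conn = sqlite3.connect(":memory:")
    try:
        sql = "SELECT '" + filter_string(value, dialect) + "'"
        return conn.execute(sql).fetchone()[0]
    except sqlite3.Error:
        return None
    finally:
        conn.close()


def round_trip_bound(value):
    """Send the same value as a bound parameter: no per-database table needed."""
    conn = sqlite3.connect(":memory:")
    try:
        return conn.execute("SELECT ?", (value,)).fetchone()[0]
    finally:
        conn.close()
```

A filter table only round-trips on the engine it was written for, which is why the per-database feedback requested in the message matters; a bound parameter returns the value unchanged without any table.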