[Opensource] Poll: How does your db handle single quotes?
Ingo Etienne
ingo_etienne at gmx.net
Sun Jul 28 17:39:06 PDT 2002
Hey Mike,
isn't that a question that is very far beyond the current version of
Expresso 4.xxx?
;-)
Cheers
Ingo
----- Original Message -----
From: "Michael Rimov" <rimovm at centercomp.com>
To: <opensource at jcorporate.com>
Sent: Saturday, July 27, 2002 11:21 PM
Subject: [Opensource] Poll: How does your db handle single quotes?
> Hey All,
>
> Because of some SQL Injection protection code being checked in, we need to
> be able to handle single quotes. I've created a filtering mechanism to
> filter strings before they're sent to the database that I can easily handle
> different situations, but since I don't have every database out there
> installed on my system, I could really use some feedback on what kind of
> SQL transformation your database requires. Here's what I have so far:
>
> Database: PostgreSQL & MySQL
> Initial Character | Transformed to
> ------------------------------------------------------
> '                 | \'
> \                 | \\
>
> Database: SapDB
> Initial Character | Transformed to
> ------------------------------------------------------
> '                 | ''
>
> Can anybody give me some feedback for:
>
> DB2,
> Oracle,
> MS SQL Server,
> Hypersonic,
> Sybase
>
> and any others I haven't mentioned that you use for your production
> environment?
>
> Thanks in advance!
> -Mike
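Added example, not part of the original thread and not Expresso code: the two transformation styles from the quoted poll, applied to constructed values and read back from a database that uses the doubled-quote convention, next to a bound parameter that needs no per-database table. The function names and style keys are hypothetical; SQLite is used only because it runs offline.

```python
import sqlite3

# Character transformations as listed in the quoted poll. The keys are
# hypothetical names for the two styles (backslash vs. doubled quote).
ESCAPES = {
    # Backslash is handled first so the backslash added for ' is not re-escaped.
    "backslash": [("\\", "\\\\"), ("'", "\\'")],
    "doubled": [("'", "''")],
}

def filter_string(value, style):
    """Apply the character transformations for one escaping style."""
    for initial, transformed in ESCAPES[style]:
        value = value.replace(initial, transformed)
    return value

def roundtrip_literal(value, style):
    """Embed the filtered value in a string literal and read it back.

    SQLite follows the doubled-quote convention and treats a backslash as an
    ordinary character. Returns the stored string, or None if the statement
    failed to parse.
    """
    conn = sqlite3.connect(":memory:")
    try:
        sql = "SELECT '" + filter_string(value, style) + "'"
        return conn.execute(sql).fetchone()[0]
    except sqlite3.Error:
        return None
    finally:
        conn.close()

def roundtrip_bound(value):
    """Same round trip with a bound parameter: no dialect-specific filter."""
    conn = sqlite3.connect(":memory:")
    try:
        return conn.execute("SELECT ?", (value,)).fetchone()[0]
    finally:
        conn.close()

# Constructed sample values.
SAMPLES = ["O'Brien", "C:\\temp", "it's a \\ test"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), repr(roundtrip_literal(s, "doubled")),
              repr(roundtrip_literal(s, "backslash")), repr(roundtrip_bound(s)))
```

With the wrong style for the target database, the quoted value fails to parse and the backslash value is stored with its backslash doubled; the bound parameter returns every sample unchanged.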