Well then someone with a Tagalog name gets caught in your filter…
I mean if it’s “perfect” then yes, it’ll work, but in production…
Also, you sometimes want to be able to store “1); Drop table abc;” in your database, I mean how do you otherwise store this comment right here? Sanitizing.
I agree with everything in your comment except the last word. Only sanitize in cases where there isn’t a better option like html or terminal escape sequences. SQL has prepared statements, which are better.
That’s conforming (to whatever criteria). Send me a UTF-16 string of at most 100 code points. Send me a 7-bit ASCII string of only A-Z0-9. Reject anything that doesn’t conform.
Sanitizing is trying to clean an input. That’s “lemme just double escape some special characters” or stripping/replacing/encoding characters or truncating strings, coercing types. Don’t do this, your sanitization code will have bugs or edge cases.
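The validate-then-store pattern from the last two comments, as an added Python example that is not part of the thread: reject non-conforming input outright (no cleaning), and hand arbitrary text, including the `1); Drop table abc;` comment, to the database through a bound parameter instead of sanitizing it. The sample inputs and function names are constructed for this example.

```python
import sqlite3

# Constructed sample inputs (not from the thread).
COMMENT = "1); Drop table abc;"   # the string the thread wants to store verbatim
TAGALOG_NAME = "Ñoño"             # a name with non-ASCII letters that a strict filter rejects


def conforms_ascii_alnum(value: str, max_len: int = 100) -> bool:
    """Validation in the thread's sense: accept only 7-bit ASCII A-Z0-9,
    at most max_len characters, and reject (never clean) anything else."""
    return len(value) <= max_len and all(
        ("A" <= c <= "Z") or ("0" <= c <= "9") for c in value
    )


def conforms_utf16(value: str, max_code_points: int = 100) -> bool:
    """Accept any text of at most max_code_points Unicode code points.
    Python str length counts code points, so len() is the right measure;
    lone surrogates are rejected because they cannot be encoded as UTF-16."""
    try:
        value.encode("utf-16")
    except UnicodeEncodeError:
        return False
    return len(value) <= max_code_points


def store_and_fetch_comment(text: str) -> tuple[str, bool]:
    """Store text with a prepared statement (parameter binding) and read it back.
    Returns (stored_text, table_abc_still_exists): the value travels as data,
    never as SQL, so nothing in it is interpreted and nothing needs escaping."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE abc (id INTEGER PRIMARY KEY, body TEXT NOT NULL)")
    # Bound parameter, not string concatenation: the driver keeps text and query apart.
    conn.execute("INSERT INTO abc (body) VALUES (?)", (text,))
    (stored,) = conn.execute("SELECT body FROM abc").fetchone()
    exists = conn.execute(
        "SELECT COUNT(*) FROM sqlite_master WHERE type='table' AND name='abc'"
    ).fetchone()[0] == 1
    conn.close()
    return stored, exists


if __name__ == "__main__":
    print(conforms_ascii_alnum("ORDER42"), conforms_ascii_alnum(TAGALOG_NAME))
    print(store_and_fetch_comment(COMMENT))
```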