cantsay
Reputation: 2036
Which characters can I safely insert into an SQL database without escaping?
I've had a look on Google to try and find out which characters are safe to insert into a MySQL database, but every time someone just seems to say "it's fine as long as you use *_real_escape_string
I'm trying to find out which different special characters I can use to generate a salt, so escaping characters will be no good since the salt column is limited to char(10)
The salt is automatically generated. Am I correct in thinking anything except the following characters are okay?
- '
- "
- \
Upvotes: 0
Views: 112
Answers (1)
zerkms
Reputation: 254886
You should never ask such a question actually.
You must always use prepared statements/placeholders and not care of the actual characters.
Upvotes: 5
Related Questions
- Escape strings/ inserting in php script
- What characters have to be escaped to prevent (My)SQL injections?
- Escaping characters before insert into database
- Insert values containing special characters into MySQL database
- safe characters for mysql
- php mysql escaping characters in INSERT statement
- Escaping for insert to MySql
- Escape special characters from the database - MySql
- When is it necessary to escape double quotes and other characters when inserting them into MySQL database?
- Best way to escape strings for sql inserts?