Re: Representation of strings with special chars
Re: Representation of strings with special chars
- Subject: Re: Representation of strings with special chars
- From: Andreas Grosam <email@hidden>
- Date: Fri, 26 Aug 2011 08:53:21 +0200
On Aug 26, 2011, at 2:02 AM, Glenn L. Austin wrote:
>
> On Aug 25, 2011, at 2:03 PM, Alexander Reichstadt wrote:
>
>> Hi,
>>
>> Thank you for your many responses.
>>
>>> const char *cstr = [s UTF8String];
>>> mysql_stmt_prepare(myStatement, cstr, strlen(cstr));
>>
>>
>> This fixed the bug.
>>
>> Alexander
>
> Just in case the string has a NULL character, I'd use:
This is an interesting point. However, I would first consult the MySQL documentation how it handles UTF-8.
Unicode NULL (U+0000) isn't the only Unicode scalar value which should be rejected by a database engine when encountered in the command string. For instance, any Unicode noncharacter and possibly control characters (U+0001 to U+001F) should not be accepted. It may allow Unicode NULL in string data, though, but usually not.
Only if the database engine lacks proper handling of Unicode sequences itself (which I don't think is true), and which in turn may cause security issues, I would preprocess the input and reject it as a whole when something is bogus.
>
> NSData *data = [s dataUsingEncoding:NSUTF8StringEncoding];
> mysql_stmt_prepare(myStatement, [data bytes], [data length]);
>
> Of course, if you *did* have a NULL character in your string, then the mysql_stmt_prepare would probably barf at some point. You could use the comparison of strlen() and [data length] to make sure that you're not passing a NULL.
>
> --
> Glenn L. Austin, Computer Wizard and Race Car Driver <><
> <http://www.austin-soft.com>
>
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden