Re: [Owasp-input-api-developers] sample - will this work?

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

> Perhaps the fact that % is the wildcard character in ANSI SQL and most SQL
> dialects is what is concerning you. And I probably should take all four of
> those characters out. Question is how to allow the client to make posts
> using those characters without opening up holes. HTML entities can handle
> multi-byte characters, can't they? That's not the problem here.
>

convert allowed non A-Z,a-z,0-9 charcters to their UTF-8 equivs and store
them in that format.

UTF-8 RFC: <http://www.cis.ohio-state.edu/cgi-bin/rfc/rfc2279.html>

In code:
<http://www.freebsd.org/cgi/cvsweb.cgi/src/lib/libc/locale/utf2.c>

-Nik