Maxim Timofeev, 2018-03-13 17:14:53

What characters are not used in SQL?

I need to store a string in a JSON database that will contain SQL queries broken up by a delimiter; for now it looks approximately like this:

{
    "somekey": "somedata",
    "somesql": "SELECT * FROM 'table' WHERE {someval|someval} LIKE {somedata|some_hren}"
}

The actual question is how reasonable it is to use "{" and "|", and what the pitfalls are for both SQL and JSON. I'm sure I'm reinventing the wheel and someone can point me to already implemented solutions.


2 answer(s)
d-stream, 2018-03-13
@d-stream

For complete reliability, you can "wrap" the queries in, for example, base64, uuencode, etc.; this will protect against problems with Unicode characters and the like.

cicatrix, 2018-03-13
@cicatrix

You need to escape single and double quotes. That seems to be all.
The pitfall here is something else: it depends on the specifics of your solution, of course, but I have a strong premonition of a SQL injection vulnerability. Where are you going to send these SQL queries from, and to where? I hope not from the client to the server?
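
As an added example that is not part of either answer: a sketch of a JSON-stored SQL template where the JSON encoder handles all escaping, each `{a|b}` slot is filled only from the alternatives it lists, and values travel as bound `?` parameters rather than text. Reading `{a|b}` as an allow-list of column names, the `users` table, and the helper names `render`, `run` and `demo_db` are assumptions of this example.

```python
import json
import re
import sqlite3

# Constructed sample record. The {a|b} slot syntax follows the question; treating
# it as an allow-list of column names is this example's assumption.
# json.dumps escapes the double quotes; "{" and "|" need no escaping in JSON.
RECORD = json.dumps({
    "somekey": "somedata",
    "somesql": 'SELECT "name" FROM users WHERE {name|email} LIKE ?',
})

SLOT = re.compile(r"\{([^{}]*)\}")


def render(template, choices):
    """Fill each {a|b} slot with a caller choice that the slot itself lists."""
    picks = iter(choices)

    def fill(match):
        allowed = match.group(1).split("|")
        pick = next(picks, None)  # None when the caller supplied too few choices
        if pick not in allowed:
            raise ValueError(f"{pick!r} is not one of {allowed}")
        # Emit a quoted identifier; the allow-list is what makes this safe.
        return '"' + pick.replace('"', '""') + '"'

    return SLOT.sub(fill, template)


def run(conn, record_json, choices, params):
    """Load the template from JSON, fill its slots, bind values as parameters."""
    template = json.loads(record_json)["somesql"]
    return conn.execute(render(template, choices), params).fetchall()


def demo_db():
    """In-memory database with constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "alice@example.test"), ("bob", "bob@example.test")])
    return conn


if __name__ == "__main__":
    print(run(demo_db(), RECORD, ["email"], ["bob@%"]))
```

A choice that is not listed in the slot raises `ValueError` before any SQL is executed, and a value containing quotes is matched literally by `LIKE` instead of changing the query.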
