
"Don't forget to sanitize"?? #164

Answered by codemasher
strider72 asked this question in Q&A

It's the same as with database input: it's not the job of the database to sanitize data, that's why higher level sanitizing functions (e.g. filter_var(), mysqli_real_escape_string()) or even whole sanitizer libraries exist.
If the QR encoder tried to "sanitize" the input data, the reading results would most likely be broken. Sanitization is specific to the expected input data. If you want to encode a URL, make sure that the user input is limited to URL-like strings (FILTER_VALIDATE_URL), if you want to encode a Spotify URI (spotify:track:59WN2psjkt1tyaxjspN8fp), make sure that the data only contains spotify:<type>:<[a-zA-Z0-9]> and so on. There are even people who enco…

Answer selected by strider72
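
The per-format validation described in the answer, as an added example that is not part of the original answer or of the QR library's code. The http/https scheme allowlist and the list of Spotify types are assumptions made for this example, and the sample inputs are constructed.

```php
<?php
declare(strict_types=1);

// Added example: validate the payload against the format the application
// expects before the string is handed to the QR encoder.

/** Returns the URL unchanged if acceptable, otherwise null. */
function validateUrlPayload(string $input): ?string
{
    // FILTER_VALIDATE_URL checks syntax only and does not restrict the scheme,
    // so the scheme is checked against an allowlist (assumed: http and https).
    if (filter_var($input, FILTER_VALIDATE_URL) === false) {
        return null;
    }
    $scheme = strtolower((string) parse_url($input, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? $input : null;
}

/** Returns the URI unchanged if it matches spotify:<type>:<id>, otherwise null. */
function validateSpotifyUri(string $input): ?string
{
    // The type list is an assumption. \A and \z anchor the whole string, so a
    // trailing newline or appended data is rejected ($ alone would allow "\n").
    $pattern = '/\Aspotify:(?:track|album|artist|playlist):[a-zA-Z0-9]+\z/';
    return preg_match($pattern, $input) === 1 ? $input : null;
}

// Constructed sample inputs: [expected kind, user-supplied value].
$samples = [
    ['url',     'https://example.com/path?x=1'],
    ['url',     'ftp://example.com/file'],          // valid URL syntax, scheme not allowed
    ['url',     'not a url'],
    ['spotify', 'spotify:track:59WN2psjkt1tyaxjspN8fp'],
    ['spotify', "spotify:track:59WN2psjkt1tyaxjspN8fp\n"],
    ['spotify', 'spotify:track:../../etc'],
];

foreach ($samples as [$kind, $value]) {
    $ok = $kind === 'url' ? validateUrlPayload($value) : validateSpotifyUri($value);
    // Only a non-null result would be passed on to the encoder.
    printf("%-8s %-45s %s\n", $kind, json_encode($value), $ok === null ? 'rejected' : 'accepted');
}
```

Both functions validate and reject rather than rewrite the input, so the string that is encoded is always exactly what the user supplied.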