
MySQL query via UTF8 (utf8mb4)

Posted: Wed Aug 02, 2017 8:07 pm
by KGB1st
I have a function which checks the data inserted from HTML before the SQL query is sent.

Code:

// only allow alpha numeric names because we use this name on the htmls
if (!uniqueName.matches("[A-Za-z0-9]+"))
	return false;
But it works only for English chars, such as Latin, but if I try to check Cyrillic symbols or all symbols which MySQL supports, such as utf8mb4 requires, will this new regular expression of mine work, and will it be safe for MySQL queries?

Code:

// allow utf8  (4bytes)
if (!uniqueName.matches("[A-Za-z0-9\u0410-\u042f\u0430-\u044f]{3,16}"))
	return false;
P.S. I mentioned utf8mb4 because I want to try queries with other chars in the future, Chinese for example :crazy: but I'm not sure that the Lineage client supports it :lol: thereat Korean come down :roll:

Re: MySQL query via UTF8 (utf8mb4)

Posted: Thu Aug 03, 2017 1:38 pm
by HorridoJoho
You can take a look into \w in regex. It represents word characters. Maybe it matches Cyrillic and others also.

Re: MySQL query via UTF8 (utf8mb4)

Posted: Fri Aug 04, 2017 5:46 am
by KGB1st
I don't know which chars are in the \w range. I want to use separate chars from the Chinese or Korean languages and add support for Cyrillic users.
I want to be sure that the regex is safe for queries.

Re: MySQL query via UTF8 (utf8mb4)

Posted: Fri Aug 04, 2017 8:36 am
by HorridoJoho
If you use prepared statements it is safe. Prepared statements are there to protect you from SQL injections. It works by not embedding the user input directly into the query string but giving it as a separate parameter which can be sanitized then.
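
The two points discussed in this thread, as an added example that is not code from either poster or from the project: a script-based allowlist that generalizes the Cyrillic range to Chinese and Korean, a comparison of Java's `\w` with and without its Unicode flag, and the insert done through a bound parameter. The class name `NameCheck` and the table and column `unique_names (name)` are hypothetical.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.regex.Pattern;

public class NameCheck {
    // Allowlist by Unicode script instead of hand-typed ranges: characters from the
    // Latin, Cyrillic, Han (Chinese) and Hangul (Korean) scripts plus ASCII digits.
    // {3,16} counts code points, so a 4-byte (supplementary) character counts once.
    private static final Pattern NAME = Pattern.compile(
        "[\\p{IsLatin}\\p{IsCyrillic}\\p{IsHan}\\p{IsHangul}0-9]{3,16}");

    // Java's \w is ASCII-only ([a-zA-Z_0-9]) unless UNICODE_CHARACTER_CLASS is set.
    private static final Pattern WORD_ASCII = Pattern.compile("\\w+");
    private static final Pattern WORD_UNICODE =
        Pattern.compile("\\w+", Pattern.UNICODE_CHARACTER_CLASS);

    static boolean isValidName(String name) {
        return name != null && NAME.matcher(name).matches();
    }

    // Hypothetical table and column. The name is bound as a parameter, so it is
    // never parsed as SQL, whatever characters the validation above lets through.
    static void insertName(Connection con, String name) throws SQLException {
        if (!isValidName(name)) {
            throw new IllegalArgumentException("invalid name");
        }
        try (PreparedStatement ps =
                 con.prepareStatement("INSERT INTO unique_names (name) VALUES (?)")) {
            ps.setString(1, name);
            ps.executeUpdate();
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs: four scripts, one injection-style string, one too short.
        String[] samples = {"Player1", "Игрок42", "玩家玩家", "플레이어", "a'; --", "ab"};
        for (String s : samples) {
            System.out.printf("%-10s valid=%b \\w=%b \\w+flag=%b%n", s, isValidName(s),
                WORD_ASCII.matcher(s).matches(), WORD_UNICODE.matcher(s).matches());
        }
    }
}
```

The regex only decides which names are acceptable; the bound parameter is what keeps the value out of the SQL text. Storing 4-byte characters also requires the column and connection to use utf8mb4, since MySQL's `utf8` character set holds at most 3 bytes per character.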