MySQL query via UTF8 (utf8mb4)

KGB1st
Posts: 230
Joined: Sat Jul 26, 2014 5:58 pm

Post by KGB1st »

I have a function which checks inserted data from HTML before sending the SQL query.

Code:

// only allow alpha numeric names because we use this name on the htmls
if (!uniqueName.matches("[A-Za-z0-9]+"))
	return false;

But it works only for English chars, such as Latin, but if I try to check Cyrillic symbols or all symbols which MySQL supports, such as utf8mb4 requires, will this new regular expression of mine work, and will it be safe for MySQL queries?

Code:

// allow utf8  (4bytes)
if (!uniqueName.matches("[A-Za-z0-9\u0410-\u042f\u0430-\u044f]{3,16}"))
	return false;

P.S. I mentioned utf8mb4 because I want to try queries with other chars in the future, Chinese for example :crazy: but I'm not sure that the Lineage client supports it :lol: thereat Korean come down :roll:

HorridoJoho
L2j Senior Developer
Posts: 795
Joined: Sun Aug 14, 2005 11:27 am

Post by HorridoJoho »

You can take a look into

Code:

\w

in regex. It represents word characters. Maybe it matches Cyrillic and others also.

KGB1st
Posts: 230
Joined: Sat Jul 26, 2014 5:58 pm

Post by KGB1st »

I don't know which chars are in the \w range; I want to use separate chars from the Chinese or Korean languages and add support for Cyrillic users.
I want to be sure that the regex is safe for queries.

HorridoJoho
L2j Senior Developer
Posts: 795
Joined: Sun Aug 14, 2005 11:27 am

Post by HorridoJoho »

If you use prepared statements it is safe. Prepared statements are there to protect you from SQL injections. It works by not embedding the user input directly into the query string but giving it as a separate parameter which can then be sanitized.
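
An added example (not code from this thread or from L2J) that puts the two points discussed above side by side: a Unicode-aware whitelist for the name, and a bound parameter for the query. The class, the method names, the table `unique_names` and the column `name` are hypothetical; the whitelist is assumed to cover A-Z, a-z, digits, Cyrillic, Han and Hangul.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.regex.Pattern;

// Save as UTF-8 (javac -encoding UTF-8) because of the non-ASCII sample strings.
public class UniqueNameCheck {
    // ASCII letters and digits plus characters of the Cyrillic, Han and Hangul
    // scripts, 3 to 16 code points. Script classes are used because Java's \w
    // matches only [a-zA-Z_0-9] unless UNICODE_CHARACTER_CLASS is set.
    private static final Pattern NAME = Pattern.compile(
        "[A-Za-z0-9\\p{IsCyrillic}\\p{IsHan}\\p{IsHangul}]{3,16}");
    private static final Pattern UNICODE_WORD =
        Pattern.compile("\\w+", Pattern.UNICODE_CHARACTER_CLASS);

    static boolean isValidName(String uniqueName) {
        return uniqueName != null && NAME.matcher(uniqueName).matches();
    }

    // Hypothetical table and column. The name is sent as a bound parameter,
    // so the server never parses it as part of the SQL text.
    static void insertName(Connection con, String uniqueName) throws SQLException {
        if (!isValidName(uniqueName)) {
            throw new IllegalArgumentException("name rejected by whitelist");
        }
        try (PreparedStatement ps = con.prepareStatement(
                "INSERT INTO unique_names (name) VALUES (?)")) {
            ps.setString(1, uniqueName);
            ps.executeUpdate();
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs, not taken from the thread.
        String[] samples = {"Player01", "Игрок01", "玩家001", "플레이어1",
                            "ab", "x' OR '1'='1", "<b>name</b>"};
        for (String s : samples) {
            System.out.println(s
                + " whitelist=" + isValidName(s)
                + " asciiWord=" + s.matches("\\w+")
                + " unicodeWord=" + UNICODE_WORD.matcher(s).matches());
        }
    }
}
```

The whitelist decides which characters may appear in the name, and therefore in the HTML; the bound parameter is what keeps the value out of the SQL text.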