[RCD] Handling invalid address book entries

Michael Baierl mail at mbaierl.com
Thu Oct 16 08:43:23 CEST 2008


If you need to convert single quotes it means you don't use your DB  
properly. Just use prepared statements only and this problem won't  
exist any longer!

lg,
Mike
-- 
Michael Baierl
<http://mbaierl.com/>

On 15.10.2008, at 19:50, chasd <chasd at silveroaks.com> wrote:

>
> On Oct 15, 2008, at 11:08 AM, Ziba Scott wrote:
>
>> Hi Till,
>>
>> Thanks for the response. I'd like to just quote everything and stick it
>> in the database, but ticket 1463946:
>> http://trac.roundcube.net/ticket/1463946
>>
>> suggests that there is a set of characters that are undesirable to store
>> and may cause difficulty sending mail to users with strange names.
>
> A Wikipedia page has a summary of the relevant RFCs
> <http://en.wikipedia.org/wiki/E-mail_address#RFC_specification>
> and a specific list of characters.
>
> Apostrophes are particularly bad with SQL statements.
> My personal hack is to replace those with the HTML entity '
> before SQL, and then convert back ( if I need to ) when reading from
> the database.
>
> From reading the lists for the spam filtering software we use,
> e-mail addresses that _begin_ with a plus can cause problems, as can
> addresses with hyphens.
>
>> Which puts us in the position of picking and choosing what should go
>> into the database.
>
> Data validation problem, which is true of any input data.
>
>
> -- 
> Charles Dostale
> System Admin - Silver Oaks Communications
> http://www.silveroaks.com/
> 824 17th Street, Moline  IL  61265
>
> _______________________________________________
> List info: http://lists.roundcube.net/dev/
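
An added example, not part of the original thread and not Roundcube code: it contrasts a string-concatenated INSERT with a prepared (parameterized) one for address book entries containing the characters discussed above. The `contacts` schema, the function names, the in-memory SQLite database and the sample entries are all assumptions made for illustration.

```python
import sqlite3

# Constructed sample contacts (not from the thread): an apostrophe, a leading
# plus and hyphens, the character classes mentioned in the discussion.
SAMPLE_CONTACTS = [
    ("Miles O'Brien", "miles.o'brien@example.org"),
    ("Plus Prefix", "+tagged@example.org"),
    ("Anne-Marie", "anne-marie@mail-host.example.org"),
]

def open_book():
    """In-memory stand-in for an address book table (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE contacts (name TEXT NOT NULL, email TEXT NOT NULL)")
    return db

def save_concatenated(db, name, email):
    """Anti-pattern: data is spliced into the SQL text, so a quote ends the literal."""
    db.execute("INSERT INTO contacts (name, email) VALUES ('%s', '%s')" % (name, email))

def save_prepared(db, name, email):
    """Placeholders keep the data out of the SQL text; no escaping or entity rewriting."""
    db.execute("INSERT INTO contacts (name, email) VALUES (?, ?)", (name, email))

def find_by_email(db, email):
    """Look a contact up with a bound parameter as well."""
    return db.execute(
        "SELECT name, email FROM contacts WHERE email = ?", (email,)
    ).fetchone()

def demo():
    db = open_book()
    failures = []
    for name, email in SAMPLE_CONTACTS:
        try:
            save_concatenated(db, name, email)
        except sqlite3.Error as exc:
            failures.append((email, type(exc).__name__))
    db.execute("DELETE FROM contacts")  # start clean for the prepared run
    for name, email in SAMPLE_CONTACTS:
        save_prepared(db, name, email)
    stored = [find_by_email(db, email) for _, email in SAMPLE_CONTACTS]
    return failures, stored

if __name__ == "__main__":
    failures, stored = demo()
    print("concatenated inserts that failed:", failures)
    print("prepared inserts round-trip unchanged:", stored == SAMPLE_CONTACTS)
```

With bound parameters the stored value is byte-for-byte what the user entered, so nothing has to be converted back when reading; whether an address is acceptable for mail delivery remains a separate validation question.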