On Fri, May 6, 2005, Geo Carncross <[EMAIL PROTECTED]> said:

> After some digging :)
> 
> It looks like (at least trunk) passwords are already escaped. The only
> character which is completely invalid is NUL. I don't think anyone
> actually wants to fix that.
> 
> If NULs are guaranteed out, SQL92 defines proper value quoting as:
> 
> s/'/''/sg;
> 
> (paraphrased from about 3 pages of text in X3H2-92-154/DBL section 5.2)

I don't think we pass the password to the database. *goes to check*


> Is there any underlying reason for validchars that I'm missing here?


My assumption is that it is intended to 'sanitize' the input stream to not
much more than letters, numbers, and punctuation.

Aaron
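
The quoting rule quoted above (double every `'`, with NUL excluded), as an added Python example that is not part of the original thread or the project's code. It round-trips constructed sample passwords through an in-memory SQLite database and compares the quoted literal with a bound parameter; the function names and sample values are assumptions made for illustration.

```python
import sqlite3

def quote_sql92(value: str) -> str:
    """Build an SQL-92 character string literal: wrap in ' and double each '.

    NUL is rejected because it is the one character the rule cannot carry.
    Assumption: the engine follows the standard for literals. Engines that
    also treat backslash as an escape (MySQL in its default mode) need more.
    """
    if "\x00" in value:
        raise ValueError("NUL cannot be represented in a quoted literal")
    return "'" + value.replace("'", "''") + "'"

def roundtrip_literal(conn: sqlite3.Connection, value: str) -> str:
    # Value travels inside the statement text, protected only by quoting.
    return conn.execute("SELECT " + quote_sql92(value)).fetchone()[0]

def roundtrip_bound(conn: sqlite3.Connection, value: str) -> str:
    # Value travels out of band as a bound parameter; no quoting involved.
    return conn.execute("SELECT ?", (value,)).fetchone()[0]

# Constructed sample passwords: punctuation that a validchars filter
# would typically strip, but that quoting alone handles.
SAMPLES = [
    "plain123",
    "o'neil",
    "''",
    "x'; DROP TABLE users; --",
    "back\\slash",
    "semi;colon \"double\" 100%",
    "",
]

def check_samples() -> dict:
    """Map each sample to True if both paths return it unchanged."""
    conn = sqlite3.connect(":memory:")
    try:
        return {
            s: roundtrip_literal(conn, s) == s == roundtrip_bound(conn, s)
            for s in SAMPLES
        }
    finally:
        conn.close()

if __name__ == "__main__":
    for sample, ok in check_samples().items():
        print(f"{sample!r:32} {'ok' if ok else 'MISMATCH'}")
```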
