• Septimaeus@infosec.pub
    8 months ago

    Input sanitization typically handles this as a string that only allows characters supported by the data type specified by the table field in question. A permissive strategy might scrub the string of unexpected characters. A strict one might throw an error. The point, however, is to prevent the evaluation of inputs as anything other than their intended type, whether or not reserved characters are present.
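
The permissive and strict strategies described in the comment above, shown together with parameter binding, which is what keeps a value from being evaluated as anything but data. This is an added example, not part of the original comment; the `users` table, the per-field character rules and the function names are hypothetical.

```python
import re
import sqlite3

# Hypothetical schema: field name -> characters its column type allows.
FIELD_RULES = {
    "username": re.compile(r"[A-Za-z0-9_]"),  # TEXT, identifier-like
    "age": re.compile(r"[0-9]"),              # INTEGER
}

def scrub(field, raw):
    """Permissive: drop every character the field's type does not allow."""
    allowed = FIELD_RULES[field]
    return "".join(ch for ch in raw if allowed.fullmatch(ch))

def validate(field, raw):
    """Strict: reject the whole value if any character is unexpected."""
    allowed = FIELD_RULES[field]
    if not raw or any(not allowed.fullmatch(ch) for ch in raw):
        raise ValueError(f"invalid characters for field {field!r}")
    return raw

def insert_user(conn, username, age):
    """Validate, then bind as parameters so values are never parsed as SQL."""
    conn.execute(
        "INSERT INTO users (username, age) VALUES (?, ?)",
        (validate("username", username), int(validate("age", age))),
    )

def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, age INTEGER)")
    hostile = "bob'; DROP TABLE users;--"  # constructed sample input
    results = {"scrubbed": scrub("username", hostile)}
    try:
        insert_user(conn, hostile, "42")
        results["strict"] = "accepted"
    except ValueError:
        results["strict"] = "rejected"
    insert_user(conn, "alice_01", "42")
    # Reserved characters stay inert data when the value is bound, not concatenated.
    conn.execute("INSERT INTO users VALUES (?, ?)", (hostile, 7))
    results["rows"] = conn.execute(
        "SELECT username, age FROM users ORDER BY age").fetchall()
    return results

if __name__ == "__main__":
    print(demo())
```

The last insert stores the reserved characters verbatim and the table survives, which is the comment's closing point: the defence is type-bound handling of the value, not the absence of particular characters.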