
Can I avoid SQL injection in SQLite FTS by replacing quotes?

Here is my SQL in C++:

#include <boost/format.hpp>
std::string sql = boost::str(boost::format("select Rowid from Name where Idx match '%s'") % key); // key is the user-supplied search string

Is it safe to prevent injection by filtering quotation marks?

Example:

key : "ab'c" -> "ab''c"
key : "a\"b'c" -> "a\"\"b'c"
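Binding the key as a parameter instead of splicing it into the SQL text is the standard answer to the question above. What follows is an added example written for this page, not the asker's code: it uses Python's standard-library sqlite3 module because it ships with an SQLite build and runs offline; the C++ equivalent is sqlite3_prepare_v2 with a `?` placeholder followed by sqlite3_bind_text. The table and column names Name and Idx come from the post; the sample rows are constructed. The example also separates the two escaping rules that the post mixes together: doubling a single quote is SQL string-literal escaping, which a bound parameter makes unnecessary, while doubling a double quote is FTS phrase escaping, which is still needed if the user's text is to be searched as a literal phrase rather than parsed as an FTS query.

```python
import sqlite3

# Constructed sample documents (not from the original post).
DOCS = [
    "hello world",
    "it's a test",
    'say "hi" there',
]


def open_db():
    """Create an in-memory FTS table named Name with one column Idx.

    Prefers fts5 and falls back to fts4 if this SQLite build lacks fts5.
    """
    conn = sqlite3.connect(":memory:")
    try:
        conn.execute("create virtual table Name using fts5(Idx)")
    except sqlite3.OperationalError:
        conn.execute("create virtual table Name using fts4(Idx)")
    conn.executemany("insert into Name(Idx) values (?)", [(d,) for d in DOCS])
    return conn


def fts_phrase(key):
    """Wrap arbitrary user text as a single FTS phrase.

    Inside a MATCH expression, double quotes delimit a phrase and a literal
    double quote is written as two double quotes. This stops the text from
    being read as FTS operators (OR, NOT, prefix *, column filters).
    It is unrelated to SQL quoting: the SQL side is handled by the '?' binding.
    """
    return '"' + key.replace('"', '""') + '"'


def search(conn, key):
    """Phrase search with a bound parameter: the key never enters the SQL text."""
    rows = conn.execute(
        "select Rowid from Name where Idx match ?", (fts_phrase(key),)
    ).fetchall()
    return [r[0] for r in rows]


def search_raw(conn, key):
    """Bind the key without phrase quoting.

    There is still no SQL injection, but the FTS query parser now sees the
    raw text: it may honour operators in it, or reject it as a syntax error
    (reported here as None).
    """
    try:
        rows = conn.execute(
            "select Rowid from Name where Idx match ?", (key,)
        ).fetchall()
    except sqlite3.OperationalError:
        return None
    return [r[0] for r in rows]


if __name__ == "__main__":
    db = open_db()
    print(search(db, "hello world"))        # [1]
    print(search(db, "it's"))               # [2]: the post's single quote needs no SQL escaping
    print(search(db, "ab'c"))               # []: treated as data, no error
    print(search(db, "hello OR world"))     # []: "OR" is part of the phrase, not an operator
    print(search_raw(db, "hello OR world")) # [1]: without phrase quoting, OR is an operator
```

The quote-doubling in the question only protects the SQL string literal, and only if it is applied to every single quote with no other way to break out of the literal; a prepared statement with a bound parameter removes that problem entirely, so the remaining decision is purely about the FTS query language, where `fts_phrase` gives literal-phrase semantics and `search_raw` lets users write FTS operators on purpose.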