5

Hi,

For websites I've always restricted username to use Apostrophe ' and " and some times even space . If a website necessitate special character then I prefer to create an additional DB field ~DisplayName.

It's easier to forbid the use of Apostrophe, otherwise you will have to escape also your search query to match what has been recorded in the DB.

On the topic I've this https://security.stackexchange.com/questions/202902/is-single-quote-filtering-nonsense

But if you have better documentation feel free to share :)

Thanks

you are viewing a single comment's thread
view the rest of the comments
[-] Kissaki@programming.dev 2 points 8 months ago* (last edited 8 months ago)

You don't need to escape any content for storing in a DB field.

Use the correct database interface and you're good.

I'd be more concerned about intention and intentional design. Arbitrary characters can be misleading or problematic for users. Using an allow list for accepted username characters is a good approach if you can't depend on good intentions of users.

this post was submitted on 24 Feb 2024
5 points (69.2% liked)

Web Development

3430 readers
1 users here now

Welcome to the web development community! This is a place to post, discuss, get help about, etc. anything related to web development

What is web development?

Web development is the process of creating websites or web applications

Rules/Guidelines

Related Communities

Wormhole

Some webdev blogsNot sure what to post in here? Want some web development related things to read?

Heres a couple blogs that have web development related content

CreditsIcon base by Delapouite under CC BY 3.0 with modifications to add a gradient

founded 1 year ago
MODERATORS