Is it possible for double-escaping to cause harm to the DB?
- by waiwai933
If I accidentally double escape a string, can the DB be harmed?
For the purposes of this question, let's say I'm not using parametrized queries.
For example, let's say I get the following input:
bob's bike
And I escape that:
bob\'s bike
But my code is horrible, and escapes it again:
bob\\\'s bike
Now, if I insert that into a DB, the value in the DB will be:
bob\'s bike
Which, while not what I want, won't harm the DB. Is it possible for any input that's double-escaped to do something malicious to the DB, assuming that I take all other necessary security precautions?
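The scenario in the question, modelled as an added example (not part of the original post): each input is escaped zero, one or two times, wrapped in quotes, and read back the way a database reading backslash-escaped string literals would read it. `escape`, `read_literal` and `stored_value` are hypothetical helpers, and the model assumes a simple backslash escaper and single-byte input.

```python
# Added illustration, not code from the question. Simplified model (assumption):
# escaping prefixes \ ' " with a backslash; the DB reads '...' literals with
# backslash escapes, as MySQL does by default.
SPECIAL = ("\\", "'", '"')

def escape(s):
    """Hypothetical escaper: backslash-prefix each special character."""
    return "".join("\\" + c if c in SPECIAL else c for c in s)

def read_literal(sql):
    """Parse one '...' literal; return (decoded value, text after closing quote)."""
    if not sql.startswith("'"):
        raise ValueError("expected opening quote")
    out, i = [], 1
    while i < len(sql):
        c = sql[i]
        if c == "\\" and i + 1 < len(sql):
            out.append(sql[i + 1])   # escaped character is taken literally
            i += 2
        elif c == "'":
            return "".join(out), sql[i + 1:]
        else:
            out.append(c)
            i += 1
    raise ValueError("unterminated literal")

def stored_value(user_input, times):
    """Escape `times` times, quote, and parse as the DB would."""
    s = user_input
    for _ in range(times):
        s = escape(s)
    return read_literal("'" + s + "'")

# Constructed sample inputs.
SAMPLES = ["bob's bike", "x' OR '1'='1", "trailing\\", "\\' mixed \"q\""]

def check_samples():
    """True if every double-escaped sample stays inside the literal."""
    return all(stored_value(s, 2) == (escape(s), "") for s in SAMPLES)

if __name__ == "__main__":
    for raw in SAMPLES:
        for n in (0, 1, 2):
            try:
                value, rest = stored_value(raw, n)
                print(f"{n}x escaped {raw!r}: stored={value!r} leftover={rest!r}")
            except ValueError as err:
                print(f"{n}x escaped {raw!r}: {err}")
```

A non-empty leftover or a parse error means the input was not contained in the literal; with these samples that occurs only in the 0x rows, while the 2x rows store the once-escaped text and nothing else.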