These are chat archives for influxdata/influxdb

16th
Nov 2015
Ignacio Tolstoy
@naxhh
Nov 16 2015 14:43
Hi people! I'm using the influxdb-java client. Checking docs and code I did see nothing about SQL Injection escaping.
Is there any reference I can check about this? My current use case is to make sure no one is messing with my where conditions...
how people normally handle this?
Francis De Brabandere
@francisdb
Nov 16 2015 16:03
making sure that any user input is properly escaped?
Ignacio Tolstoy
@naxhh
Nov 16 2015 17:19
Yes of course. But what influx expects to be scaped?
String literals must always be single-quoted ('). String literals may contain any unicode characters except for single quotes, new lines and backslashes, which must be backslash (\) escaped.
Francis De Brabandere
@francisdb
Nov 16 2015 21:38
Strings are text values. All string values must be surrounded in double-quotes ".
If the string contains a double-quote, it must be escaped with a backslash, e.g. \".
I have 2 kinds of escapes in my code, one for literals and one for strings