Do I need to sanitize/escape the string I pass into UpdateUserTitleDisplayName, or does PlayFab already take care of this for me? Are there any display names that could cause database injection attacks or other security issues?
Do I need to sanitize/escape the string I pass into UpdateUserTitleDisplayName, or does PlayFab already take care of this for me? Are there any display names that could cause database injection attacks or other security issues?
The Title Display Name is simply a string on our side - there's no opportunity for any kind of injection attack in our service, regardless of what's in it. If you're loading the Title Display Name into a website or other code, you should ensure that it's only ever used as a string.
1 Person is following this question.
simulating a Virtual Currency wallet for a group,simulating a Virtual Currency wallet for a Group
How to get other players public [player data] with client API?
Having trouble with getting invalid input parameters error when calling UpdateUserData.
Memory profile write when updating user data
Custom data from the catalog item is not returned correctly.