Do I need to sanitize/escape the string I pass into UpdateUserTitleDisplayName, or does PlayFab already take care of this for me? Are there any display names that could cause database injection attacks or other security issues?
Do I need to sanitize/escape the string I pass into UpdateUserTitleDisplayName, or does PlayFab already take care of this for me? Are there any display names that could cause database injection attacks or other security issues?
The Title Display Name is simply a string on our side - there's no opportunity for any kind of injection attack in our service, regardless of what's in it. If you're loading the Title Display Name into a website or other code, you should ensure that it's only ever used as a string.
1 Person is following this question.
Having trouble with getting invalid input parameters error when calling UpdateUserData.
How to get other players public [player data] with client API?
How do data value update limits work?
Since Azure Function Only change, Examples are invalid
Custom data from the catalog item is not returned correctly.