
I read this answer. It explains how a multi-byte character exploit works in a decent way. The only way I could think of avoiding this problem is whitelisting all single-byte characters, because of the fact, as D.W. mentioned in the linked answer, that

there are also multi-byte sequences that the database might decode as a single quote, and that do not contain the 0x27 byte or any other suspicious byte value. As a result, standard quote-escaping functions may fail to escape those quotes.

Can anyone suggest some other way to tackle this problem?

1 Answer


Parameterized queries solve this problem, as they separate the parsing of the query from the handling of user-supplied data.

wireghoul
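The following is an added illustration of the answer's point, not code from the asker or the answerer. It uses Python's built-in sqlite3 module so it runs offline; the charset-specific multi-byte decoding failure described in the linked answer depends on the database and connection encoding and is not reproduced here. What the example does show is the structural property the answer relies on: with a bound parameter the statement text is fixed before any user value is seen, so a quote inside the value (single-byte or otherwise) is data and never reaches the SQL parser, whereas the spliced version hands the same value to the parser and breaks. Table contents and names are constructed for the demonstration.

```python
import sqlite3

# Constructed sample rows (not from the original post). One name contains a
# multi-byte (non-ASCII) character and one contains a literal apostrophe.
USERS = [
    ("alice", "alice@example.test"),
    ("zoë", "zoe@example.test"),
    ("o'brien", "obrien@example.test"),
]


def make_db():
    """Create an in-memory database populated with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT PRIMARY KEY, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def lookup_concat(conn, name):
    # Vulnerable pattern: the value is spliced into the SQL text, so whatever
    # the database decodes as a quote inside it ends the string literal and the
    # rest is parsed as SQL. With sqlite3 this surfaces as a parse error; an
    # escaping function would have to know exactly how the server decodes bytes
    # to prevent it, which is the gap the linked answer describes.
    sql = "SELECT email FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_param(conn, name):
    # Parameterized pattern: the statement is parsed with a placeholder, and the
    # driver binds the value separately. Nothing in the value is ever tokenized
    # as SQL, so no charset-aware escaping is needed at all.
    sql = "SELECT email FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]


def compare(name):
    """Return (concat_result, param_result) for one lookup.

    concat_result is the list of e-mails, or the exception class name when the
    spliced query fails to parse.
    """
    conn = make_db()
    try:
        concat = lookup_concat(conn, name)
    except sqlite3.Error as err:
        concat = type(err).__name__
    return concat, lookup_param(conn, name)


if __name__ == "__main__":
    for n in ("alice", "zoë", "o'brien"):
        print(repr(n), "->", compare(n))
```

Running the script shows that both lookups agree for plain and multi-byte names, while for the name containing an apostrophe only the parameterized query returns the matching row; the spliced one fails with an OperationalError because the apostrophe was parsed as part of the SQL.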