!!! Overview
[RFC 4511] describes [Lightweight Directory Access Protocol (LDAP) The Protocol] and clearly shows that the [SearchRequest] [LDAP SearchFilter] is, as with all data sent to the [DSA], to "be encoded for exchange using the [Basic Encoding Rules] [BER] of [ASN.1] with" a few restrictions.

So even though "Some applications may find it useful to have a common way of representing these search filters in a [human-readable form|LDAP String Representation of Search Filters].", the [DUA] (LDAP Client) is responsible for performing the encoding as described in [Lightweight Directory Access Protocol (LDAP) The Protocol] ([RFC 4511]).

!! Our Recommendation
The best way to create any kind of filter in an LDAP-enabled application is to use the Filter.create* methods (from the [UnboundID LDAP SDK For Java]) instead of trying to construct a filter yourself using the [LDAP String Representation of Search Filters]. This is true for two reasons:
* The [UnboundID LDAP SDK For Java] will always perform the appropriate escaping for any special characters contained in the assertion value. \\This can help thwart attacks from clients trying to use the LDAP equivalent of an SQL injection (e.g., by trying to trick the application into performing a substring or presence search when the intent was to perform an equality search).
* It is faster. The LDAP SDK doesn't have to parse the string representation in order to get the components to use in the binary encoding.
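The recommendation above, shown as an added example (not code from the original page or from the UnboundID project): the same untrusted value is turned into a filter once by string concatenation and once with Filter.createEqualityFilter, and the resulting filter type is compared. The class name, helper methods and sample inputs are constructed for illustration, and the UnboundID LDAP SDK for Java is assumed to be on the classpath.

```java
import com.unboundid.ldap.sdk.Filter;
import com.unboundid.ldap.sdk.LDAPException;

public class FilterEscapingDemo {

    // Weak pattern: splice the untrusted value into the string representation
    // and let the SDK parse it back into filter components.
    static Filter concatenated(String attr, String value) throws LDAPException {
        return Filter.create("(" + attr + "=" + value + ")");
    }

    // Recommended pattern: pass the raw value to a Filter.create* method.
    // It is carried as the assertion value and never interpreted as syntax.
    static Filter constructed(String attr, String value) {
        return Filter.createEqualityFilter(attr, value);
    }

    // Human-readable name for the filter types this demo can produce.
    static String typeName(Filter f) {
        switch (f.getFilterType()) {
            case Filter.FILTER_TYPE_EQUALITY:  return "equality";
            case Filter.FILTER_TYPE_PRESENCE:  return "presence";
            case Filter.FILTER_TYPE_SUBSTRING: return "substring";
            default:                           return "other";
        }
    }

    public static void main(String[] args) throws LDAPException {
        // Constructed sample inputs standing in for a user-supplied login name.
        String[] inputs = { "jdoe", "*", "j*" };

        for (String in : inputs) {
            Filter weak = concatenated("uid", in);
            Filter safe = constructed("uid", in);

            // The application intended an equality match in every case.
            System.out.printf("input=%-5s concatenated: %-10s %-10s constructed: %-10s %s%n",
                    in, weak, typeName(weak), safe, typeName(safe));

            // Compound filters are built from components the same way,
            // so no string parsing happens at any level.
            Filter scoped = Filter.createANDFilter(
                    Filter.createEqualityFilter("objectClass", "person"), safe);
            System.out.println("  scoped: " + scoped);
        }
    }
}
```

A check on the filter type, as in typeName above, can also serve as a unit-test assertion wherever an application must guarantee that a lookup stays an equality match.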