Alessandro Vesely writes:

Sam Varshavchik wrote:
Alessandro Vesely writes:


* use mysql escape function also in a number of other places; the MySQL team took years to get it straight...

Well, I don't think they got it right. There's no bounds checking in mysql_real_escape_string! The documentation claims you just need to provide enough room at least twice as long as the string length, but then there are also some vague comments regarding the interaction of this function with the locale's character set, which leaves me with a somewhat uneasy feeling.

Since they require 2*length+1, I assume they check that bound. I don't know the details of the implementation, but doubling seems quite enough. Even if mysql_real_escape_string() cannot fail, its output will eventually be parsed using some other function which is supposedly aware of what the former might have done.

I looked at MySQL's source. Their code assumes that the buffer passed to mysql_real_escape_string is sized twice the size of the input buffer, plus one byte, and the code checks for overflow. Still, the original patch looks to be more complicated than it needs to be, so I'll need to do this myself.
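
An added illustration of the 2*length+1 sizing rule discussed in this thread; it is not Courier's code, not the patch, and not MySQL's implementation. The function name `escape_bounded` is hypothetical, the escaped set follows the characters the MySQL documentation lists for mysql_real_escape_string, and the sketch works byte by byte, so it ignores multi-byte character sets.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical byte-wise escaper: backslash-escapes NUL, \n, \r, Ctrl-Z,
 * backslash and both quote characters. The caller passes the destination
 * size, so the bound is enforced here instead of being assumed.
 * Returns the escaped length, or (size_t)-1 if dst is too small. */
size_t escape_bounded(char *dst, size_t dst_size, const char *src, size_t len)
{
    size_t o = 0;

    if (dst_size == 0)
        return (size_t)-1;
    for (size_t i = 0; i < len; i++) {
        char esc = 0;
        switch (src[i]) {
        case '\0':   esc = '0'; break;
        case '\n':   esc = 'n'; break;
        case '\r':   esc = 'r'; break;
        case '\032': esc = 'Z'; break;
        case '\\': case '\'': case '"': esc = src[i]; break;
        }
        size_t need = esc ? 2 : 1;
        /* Invariant: o <= dst_size - 1, so one byte stays free for the NUL. */
        if (need > dst_size - 1 - o) {
            dst[0] = '\0';   /* never hand back a partially escaped string */
            return (size_t)-1;
        }
        if (esc)
            dst[o++] = '\\';
        dst[o++] = esc ? esc : src[i];
    }
    dst[o] = '\0';
    return o;
}

int main(void)
{
    const char worst[] = "''''";   /* constructed input: every byte doubles */
    size_t n = strlen(worst);
    char exact[2 * 4 + 1], small[2 * 4];

    printf("2n+1 bytes: %s\n",
           escape_bounded(exact, sizeof exact, worst, n) == 2 * n ? "fits" : "rejected");
    printf("2n bytes:   %s\n",
           escape_bounded(small, sizeof small, worst, n) == (size_t)-1 ? "rejected" : "fits");
    return 0;
}
```

The worst case is an input made only of escapable bytes: n bytes become 2n, and the terminating NUL accounts for the extra one.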
