Re: [courier-users] authmysql vs apostrophe [PATCH]

2008-05-04 Thread Sam Varshavchik
Alessandro Vesely writes: Sam Varshavchik wrote: Alessandro Vesely writes: * use mysql escape function also in a number of other places; the MySQL team took years to get it straight... Well, I don't think they got it right. There's no bounds checking in mysql_real_escape_string! The

Re: [courier-users] authmysql vs apostrophe [PATCH]

2008-05-04 Thread Alessandro Vesely
Sam Varshavchik wrote: Alessandro Vesely writes: Sam Varshavchik wrote: Alessandro Vesely writes: * use mysql escape function also in a number of other places; the MySQL team took years to get it straight... Well, I don't think they got it right. There's no bounds checking in

Re: [courier-users] authmysql vs apostrophe [PATCH]

2008-05-04 Thread Sam Varshavchik
Alessandro Vesely writes: Sam Varshavchik wrote: Alessandro Vesely writes: Sam Varshavchik wrote: Alessandro Vesely writes: * use mysql escape function also in a number of other places; the MySQL team took years to get it straight... Well, I don't think they got it right. There's no

Re: [courier-users] authmysql vs apostrophe [PATCH]

2008-04-18 Thread Alessandro Vesely
Sam Varshavchik wrote: Alessandro Vesely writes: * use mysql escape function also in a number of other places; the MySQL team took years to get it straight... Well, I don't think they got it right. There's no bounds checking in mysql_real_escape_string! The documentation claims you

Re: [courier-users] authmysql vs apostrophe [PATCH]

2008-04-18 Thread Gordon Messmer
Alessandro Vesely wrote: On the other hand, we cannot guarantee that prepared statements work in *all* cases. Why not?

Re: [courier-users] authmysql vs apostrophe [PATCH]

2008-04-18 Thread Alessandro Vesely
Gordon Messmer wrote: Alessandro Vesely wrote: On the other hand, we cannot guarantee that prepared statements work in *all* cases. Why not? Some forms of queries don't work. E.g. you cannot have parameter markers on both sides of a comparison, as in WHERE ? = ?, for
</replace>

Re: [courier-users] authmysql vs apostrophe [PATCH]

2008-04-17 Thread Alessandro Vesely
Finally, I managed to get my hands on that code :-) Gordon Messmer wrote: Alessandro Vesely wrote: Indeed, to use prepared statements would be itself a good reason to review that code. It was added in MySQL 4.1.2, the auth code still has a conditional part for older MySQL versions. Should I

Re: [courier-users] authmysql vs apostrophe [PATCH]

2008-04-17 Thread Sam Varshavchik
Alessandro Vesely writes: * use mysql escape function also in a number of other places; the MySQL team took years to get it straight... Well, I don't think they got it right. There's no bounds checking in mysql_real_escape_string! The documentation claims you just need to provide enough
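The bounds-checking point raised in this thread is that mysql_real_escape_string() writes into the caller's buffer without knowing its size; the caller must have allocated 2*len + 1 bytes, since in the worst case every input byte is escaped to two. The example below is added here and is not from the thread or from Courier's authmysql source. It uses a local stand-in for mysql_real_escape_string() (assumed to escape the same seven bytes MySQL's function does, so the example builds without libmysqlclient), and the table and column names in the query are invented for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Stand-in for mysql_real_escape_string(), used so this example builds
 * without libmysqlclient (assumption: it escapes the same seven bytes the
 * MySQL function does: NUL, \n, \r, \\, ', " and Ctrl-Z).  Like the real
 * call it performs no bound check on `to` and returns the number of bytes
 * written, not counting the terminating NUL.
 */
static size_t escape_like_mysql(char *to, const char *from, size_t len)
{
    char *p = to;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)from[i];
        switch (c) {
        case 0:    *p++ = '\\'; *p++ = '0';  break;
        case '\n': *p++ = '\\'; *p++ = 'n';  break;
        case '\r': *p++ = '\\'; *p++ = 'r';  break;
        case '\\': *p++ = '\\'; *p++ = '\\'; break;
        case '\'': *p++ = '\\'; *p++ = '\''; break;
        case '"':  *p++ = '\\'; *p++ = '"';  break;
        case 0x1a: *p++ = '\\'; *p++ = 'Z';  break;
        default:   *p++ = (char)c;           break;
        }
    }
    *p = '\0';
    return (size_t)(p - to);
}

/*
 * The caller-side discipline the unchecked escape routine depends on:
 * every input byte may become two output bytes, so the destination must
 * hold 2*len + 1 bytes.  Returns a malloc'd string (caller frees) or NULL.
 */
char *escape_for_mysql(const char *s)
{
    size_t len = strlen(s);
    if (len > (SIZE_MAX - 1) / 2)      /* 2*len + 1 would wrap around */
        return NULL;
    char *buf = malloc(len * 2 + 1);
    if (buf == NULL)
        return NULL;
    size_t n = escape_like_mysql(buf, s, len);
    if (n > len * 2)                   /* only possible if the escape
                                          routine's contract changed */
        abort();
    return buf;
}

/*
 * Assemble a lookup the way an escape-and-concatenate auth module does.
 * Table and column names are made up for the example.  Returns a malloc'd
 * string (caller frees) or NULL.
 */
char *build_login_query(const char *login)
{
    static const char fmt[] =
        "SELECT id, crypt FROM users WHERE login='%s'";
    char *esc = escape_for_mysql(login);
    if (esc == NULL)
        return NULL;
    /* sizeof fmt already counts the NUL; the "%s" bytes are replaced, so
       this is two bytes generous. */
    size_t need = sizeof fmt + strlen(esc);
    char *q = malloc(need);
    if (q != NULL)
        snprintf(q, need, fmt, esc);
    free(esc);
    return q;
}

int main(void)
{
    /* Constructed inputs: an apostrophe in a name, and a worst case
       where every byte doubles on output. */
    const char *inputs[] = { "o'brien", "''''", "a\\b\n" };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        char *q = build_login_query(inputs[i]);
        printf("%s\n", q ? q : "(alloc failed)");
        free(q);
    }
    return 0;
}
```

The allocation is derived from the input length at the call site rather than from a fixed-size stack buffer, which is the only thing that makes an escape routine with no bound check safe to call; the abort() after escaping is a cheap assertion that the 2*len invariant actually held.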