Hi Henning,
maybe there is no need for TEXT, but for sure you need some escaping for
BLOB type - I remember this issue some time ago in the the postgres module.
Regards,
Bogdan
Henning Westerholt wrote:
On Sunday 20 April 2008, Bogdan-Andrei Iancu wrote:
I think option 2 will be better,
On Monday 21 April 2008, Bogdan-Andrei Iancu wrote:
Hi Dan,
Right, this is one more reason for having in the DB API a clear
distinction between the string-like and blob-like types.
SQL injection can happen with any of blob, text, char, varchar if not
escaped. There is no distinction between
Bogdan-Andrei Iancu writes:
maybe there is no need for TEXT, but for sure you need some escaping for
BLOB type - I remember this issue some time ago in the the postgres
module.
i don't know if this is related, but when i write value to mysql blob
column from php, i have to escape it using
Henning Westerholt writes:
According to the
documentation its not necessary to do the unescaping for the
retrieval of binary data in binary format, but i
think we're using the text format here.
yes, i don't need to do any unescaping when i read binary data from
blob column. i just need
On Saturday 19 April 2008, Daniel-Constantin Mierla wrote:
for DB_STRING it has to be checked if all drivers return a null
terminated string, as some just set reference to the value in the
library result and not clone the value.
Otherwise, I would say that the most suitable type in DB api
On Monday 21 April 2008, Henning Westerholt wrote:
On Sunday 20 April 2008, Bogdan-Andrei Iancu wrote:
I think option 2 will be better, mainly because we have 2 different
data types - BLOB cannot be 100% mapped over string as BLOB was
specifically design for:
1) large amount of data
On Monday 21 April 2008, Dan Pascu wrote:
Right, this is one more reason for having in the DB API a clear
distinction between the string-like and blob-like types.
SQL injection can happen with any of blob, text, char, varchar if not
escaped. There is no distinction between the 2 regarding
Hi Henning!
Monday, April 21, 2008, you wrote:
SQL injection can happen with any of blob, text, char, varchar if not
escaped. There is no distinction between the 2 regarding this issue.
at least db_mysql and db_postgres uses escaping functions for DB_STRING,
DB_STR and DB_BLOB.
Iouri,
Hello Henning,
On 04/21/08 11:44, Henning Westerholt wrote:
On Saturday 19 April 2008, Daniel-Constantin Mierla wrote:
for DB_STRING it has to be checked if all drivers return a null
terminated string, as some just set reference to the value in the
library result and not clone the value.
Hi all,
i reviewed for bug #1940022 the BLOB and TEXT handling in the postgres and
mysql modules. At the moment there is a mismatch in the handling of this both
datatypes the database modules.
The db_mysql module uses a DB_BLOB result type for TEXT fields, db_postgres
DB_STRING. This breaks
IIRC there were also some issues with presence/presence_xml module some
time ago for storing the the presence info (XML payload) as the XML data
was sometimes not correctly interpreted (special characters, escape
sequences). But I do not know anymore if and how it was fixed.
regards
klaus
On Friday 18 April 2008, Klaus Darilion wrote:
IIRC there were also some issues with presence/presence_xml module some
time ago for storing the the presence info (XML payload) as the XML data
was sometimes not correctly interpreted (special characters, escape
sequences). But I do not know
12 matches
Mail list logo