sorry that triple - should be just a double -- also this would cause the same problem
"select * from coly where some_key = ? limit 1 --" it would seem that in general, comments and place holders arent happy together. however they used to be. i was under the impression that its always a good idea to put a comment marker at the end of an sql line, to help prevent buffer overflow sql injections. so this is hurting me as i have -- after all my sql :( On 6/3/2010, "Dean Hamstead" <[email protected]> wrote: >Package: libdbd-mysql-perl >Version: 4.014-1 >Severity: important > > >Hello > >i have found that the following will cause a script to hang and take 100% cpu >usage... > >#!/usr/bin/perl > >use strict; >use warnings; > >use DBI; > > my $dbh = DBI->connect('DBI:mysql:xxx:localhost','xxx','xxx') or die "cant > connect to database: $DBI::errstr"; > >## this works > my $sth = $dbh->prepare('select * from col --') or die "Couldn't prepare > statement: " . $dbh->errstr; > ># etc... > >## this works > $sth = $dbh->prepare('select * from coly where some_key = ? ') or die > "Couldn't prepare statement: " . $dbh->errstr; > $sth->execute(q|keyvalue|); > >## this hangs and goes to 100% cpu usage, strace shows nothing of value > $sth = $dbh->prepare('select * from coly where some_key = ? ---') or die > "Couldn't prepare statement: " . $dbh->errstr; > $sth->execute(q|keyvalue|); > > >___END___ > > >I dont have another database to try this on, but there is already a bug like >this > > > > >-- System Information: >Debian Release: squeeze/sid > APT prefers testing > APT policy: (500, 'testing') >Architecture: amd64 (x86_64) > >Kernel: Linux 2.6.32-3-amd64 (SMP w/2 CPU cores) >Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8) >Shell: /bin/sh linked to /bin/dash > >Versions of packages libdbd-mysql-perl depends on: >ii libc6 2.10.2-9 Embedded GNU C Library: Shared lib >ii libdbi-perl [perl-db 1.610.90+is+1.609-1 Perl Database Interface (DBI) >ii libmysqlclient16 5.1.46-1 MySQL database client library >ii perl 5.10.1-12 Larry Wall's Practical Extraction >ii perl-base [perlapi-5 5.10.1-12 minimal Perl system > >libdbd-mysql-perl recommends no packages. > >libdbd-mysql-perl suggests no packages. > >-- no debconf information > > -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
