On Mon, 17 Feb 2003 23:02:39 +0100 (CET), Dirk-Willem van Gulik wrote

> And or change the apr_pstrcat into things like select "%s" from %s
> with an apr_pstrNprintf( with a nice limit; as some of the values
> are from potentially dodgy sources; such as .htaccess file made by
> possibly hostile users and from the network.

changed to apr_psprintf, and added LIMIT to the queries. I suppose another thing to put in the documentation is to say to create a separate MySQL user just for this, and set them to have ONLY SELECT permissions.

> Aye - you want to triple/double check your mysql_free()'s I'd guess.
> Or have one exit after the claim you go to with an 'return e' set to
> AUTH_USER_X Y or Z. Just to make it a bit more defensive. Or wrap
> inside a function or something :-).

yep, changed it to set an authn_status, and then do the mysql_free and releasing the server in one spot.

I have put the version (0.0.3) with these and a couple other small changes on http://open.cyanworlds.com

thanks for the suggestions.

-chip
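
The bounded query construction discussed in this exchange, as an added example that is not part of the original message and is not the module's code. The function names, the length caps, and the choice to reject rather than escape a suspicious username are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_IDENT 64   /* assumed cap on configured table/column names */
#define MAX_USER  128  /* assumed cap on the username from the request */

/* Table and column names arrive from configuration (.htaccess). They cannot
 * be quoted like values, so accept only [A-Za-z0-9_] within a fixed length. */
static int valid_ident(const char *s)
{
    size_t n = strlen(s);
    if (n == 0 || n > MAX_IDENT)
        return 0;
    for (size_t i = 0; i < n; i++)
        if (!isalnum((unsigned char)s[i]) && s[i] != '_')
            return 0;
    return 1;
}

/* The username arrives from the network. This sketch accepts printable
 * ASCII only and rejects quotes and backslash outright; code holding a
 * live connection would escape with mysql_real_escape_string() instead. */
static int valid_user(const char *s)
{
    size_t n = strlen(s);
    if (n == 0 || n > MAX_USER)
        return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)s[i];
        if (c < 0x20 || c >= 0x7f || c == '\'' || c == '"' || c == '\\')
            return 0;
    }
    return 1;
}

/* Returns 0 and fills out on success, -1 if any input is rejected or the
 * query would not fit: a truncated statement is never handed to the server. */
int build_auth_query(char *out, size_t outlen, const char *pw_col,
                     const char *table, const char *user_col, const char *user)
{
    if (!valid_ident(pw_col) || !valid_ident(table) ||
        !valid_ident(user_col) || !valid_user(user))
        return -1;
    int n = snprintf(out, outlen, "SELECT %s FROM %s WHERE %s='%s' LIMIT 1",
                     pw_col, table, user_col, user);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}
```

Checking the `snprintf` return value matters as much as the size limit itself, because a silently truncated query can lose its `WHERE` clause or closing quote.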