Hi,
Just wondering. What became the final conclusion on MySQL escaping?
Med venlig hilsen / Best regards
Peter Christensen
Developer
------------------
Cool Systems ApS
Tel: +45 2888 1600
@ : [EMAIL PROTECTED]
www: www.coolsystems.dk
Andreas Fink wrote:
On 10.01.2006, at 21:01, Stipe Tolj wrote:
Peter Christensen wrote:
Hi,
I'd like to address a couple of things now that a new Kannel release is near:
1. Some while ago, I reported problems within the dlr_mysql_add
function. If the entry->timestamp, entry->source, or entry->url
contains some unfortunate characters (most significantly <'>), the
SQL query gets broken and the DLRs are wasted.
After a while, the first patch was submitted, but as it used
mysql_real_escape_string, it would potentially require an additional
MySQL connection (or something - don't remember what the exact
problem was), so it was not committed, and another patch was promised
in the near future. Apparently this patch never came, however, and I
see that the current CVS is still not escaping the strings.
Correct, I have that escaping version of mysql here and it's scheduled
for commit to 1.5.0 devel, since I won't have the time to test it that
extensively to ensure stability for 1.4.1 stable.
How about taking a dumb and simple approach and simply escaping all
characters to hexadecimal (i.e. \x30 for a 0)?
This will always work and not break anything existing.
I could post the patch and let the list confirm via votes that it
should or should not go to 1.4.1 stable?
I think it should; it's not a new feature but an important bugfix and not
critical to break anything in my eyes.
Andreas Fink
Fink Consulting GmbH
---------------------------------------------------------------
Tel: +41-61-6666332 Fax: +41-61-6666331 Mobile: +41-79-2457333
Address: Clarastrasse 3, 4058 Basel, Switzerland
E-Mail: [EMAIL PROTECTED]
Homepage: http://www.finkconsulting.com
---------------------------------------------------------------
ICQ: 101946485 MSN: [EMAIL PROTECTED] AIM: smsrelay Skype: andreasfink
Yahoo: finkconsulting SMS: +41792457333
PGP9: 0714 DF2B A189 A760 6201 5CBD D040 3E71 4DAF 68BB
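
Added example, not part of the thread and not Kannel's code: a sketch of the "encode everything as hexadecimal" idea discussed above, written with MySQL's X'..' hexadecimal literal syntax so that no connection handle is needed (unlike mysql_real_escape_string). The function names, the table and column names, and the sample values are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Encode src as a MySQL hexadecimal literal X'..' in dst.
 * Returns characters written (excluding NUL), or -1 if dst is too small. */
static int hex_literal(const char *src, char *dst, size_t dstsz)
{
    static const char digits[] = "0123456789ABCDEF";
    size_t n = strlen(src), i, o = 0;

    if (dstsz < 2 * n + 4)          /* X' + two digits per byte + ' + NUL */
        return -1;
    dst[o++] = 'X';
    dst[o++] = '\'';
    for (i = 0; i < n; i++) {
        unsigned char c = (unsigned char)src[i];
        dst[o++] = digits[c >> 4];
        dst[o++] = digits[c & 0x0F];
    }
    dst[o++] = '\'';
    dst[o] = '\0';
    return (int)o;
}

/* Hypothetical stand-in for the INSERT built in dlr_mysql_add;
 * the table and column names are made up for this example. */
static int build_dlr_insert(char *sql, size_t sqlsz,
                            const char *ts, const char *source, const char *url)
{
    char h_ts[256], h_src[256], h_url[1024];
    int n;

    if (hex_literal(ts, h_ts, sizeof h_ts) < 0 ||
        hex_literal(source, h_src, sizeof h_src) < 0 ||
        hex_literal(url, h_url, sizeof h_url) < 0)
        return -1;                  /* reject over-long fields, never truncate */
    n = snprintf(sql, sqlsz,
                 "INSERT INTO dlr (ts, source, url) VALUES (%s, %s, %s)",
                 h_ts, h_src, h_url);
    return (n < 0 || (size_t)n >= sqlsz) ? -1 : n;
}

int main(void)
{
    char sql[4096];
    /* Constructed sample values containing single quotes. */
    if (build_dlr_insert(sql, sizeof sql, "1136923260", "O'Neil",
                         "http://example.invalid/dlr?x='1'") > 0)
        puts(sql);
    return 0;
}
```

Because every byte of the field is emitted as two hex digits, no quote or backslash from the input ever reaches the SQL text.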