Djiby SY wrote:
When updating the mysql DB, the pointer msg->sms.msgdata was passed as a parameter of the function and modified inside the function.
This is why the MT message has "\'" in the phone instead of "'".

I have modified the function static Octstr *get_string_value_or_return_null(Octstr *) in sqlbox_mysql.c

Now, this is all about mysql client library code "securing" the input data against messing to inject a remote SQL attack.

We should mention that using sqlbox is NOT secure for various conditions, because character encoding can mess up, due to the fact that sqlbox seems to use a specific "encoding" for its payload data. Which means it's not a pure BLOB type, hence transcoding of the character set is happening.

@Rene: are you still actively maintaining the sqlbox module within cvs.kannel.org?

Stipe

-------------------------------------------------------------------
Kölner Landstrasse 419
40589 Düsseldorf, NRW, Germany

tolj.org system architecture      Kannel Software Foundation (KSF)
http://www.tolj.org/              http://www.kannel.org/

mailto:st_{at}_tolj.org           mailto:stolj_{at}_kannel.org
-------------------------------------------------------------------
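
The side effect described in the quoted report, reduced to plain C as an added example (not sqlbox or Kannel code): escaping the live message field in place changes the text that is later delivered, while escaping into a private buffer leaves it intact. `struct msg`, `sql_escape`, `escape_in_place` and `escape_to_copy` are hypothetical names, and the escaping is a simplified stand-in for the MySQL client library's routine.

```c
#include <stdio.h>
#include <string.h>

#define MSG_MAX 64

/* Hypothetical stand-in for the queued message, not Kannel's Msg/Octstr. */
struct msg { char msgdata[MSG_MAX]; };

/* Backslash-escape ' and \ from in into out. Simplified for illustration;
 * production code calls the database client's own escaping routine. */
static int sql_escape(const char *in, char *out, size_t cap) {
    size_t o = 0;
    if (cap == 0) return -1;
    for (; *in != '\0'; in++) {
        int special = (*in == '\'' || *in == '\\');
        if (o + 1 + (size_t)special >= cap) return -1;  /* room for NUL */
        if (special) out[o++] = '\\';
        out[o++] = *in;
    }
    out[o] = '\0';
    return 0;
}

/* Reported pattern: the escaped text overwrites the live message field. */
static int escape_in_place(struct msg *m) {
    char esc[2 * MSG_MAX];
    if (sql_escape(m->msgdata, esc, sizeof esc) != 0) return -1;
    if (strlen(esc) >= MSG_MAX) return -1;
    strcpy(m->msgdata, esc);   /* side effect: delivered text now has \' */
    return 0;
}

/* Corrected pattern: escape into a private buffer; the message is const. */
static int escape_to_copy(const struct msg *m, char *out, size_t cap) {
    return sql_escape(m->msgdata, out, cap);
}

/* Returns 1 if the message text is unchanged after the value is prepared. */
int message_intact_after(int in_place) {
    struct msg m;
    char value[2 * MSG_MAX];
    strcpy(m.msgdata, "it's 5 o'clock");   /* constructed sample text */
    if (in_place) escape_in_place(&m);
    else escape_to_copy(&m, value, sizeof value);
    return strcmp(m.msgdata, "it's 5 o'clock") == 0;
}

int main(void) {
    printf("in place: %d, copy: %d\n", message_intact_after(1), message_intact_after(0));
    return 0;
}
```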
