Hello Stipe, there's a difference between mysql_escape_string and mysql_real_escape_string, the latter taking the database locale (e.g. charset) into account. Some charsets may need escaping for additional characters, which only the 'real' flavor of this function handles correctly. Drawback is that mysql_real_escape strig needs an open and valid connection handle to determine the charset used on the server.
http://dev.mysql.com/doc/refman/5.0/en/mysql-escape-string.html http://dev.mysql.com/doc/refman/5.0/en/mysql-real-escape-string.html Saturday, August 9, 2008, 10:35:19 PM, you wrote: ST> Hi list, ST> we have a possible bug situation in the gw/dlr_mysql.c module, especially for ST> the dlr_mysql_add() function: ST> We perform an INSERT into the table space with the values provided in dlr_entry ST> struct. The field entry->source is the source address and if we used an ST> alphanumeric value here containing any SQL "administrative chars" (i.e. ') we ST> run into an mysql error. We need to ensure that all values passed from the ST> "outside" (via smsbox HTTP interface) to the SQL creation format is passed via ST> mysql's mysql_escape_string() function, ensuring such chars are escaped. ST> We had such a patch posted by: ST> From: Peter Christensen ST> Subject: Re: dlr_mysql_add and internal charset ST> Date: Tue, 10 Jan 2006 07:44:02 -0800 ST> URL: http://www.mail-archive.com/[email protected]/msg05381.html ST> but it was actually never applied. This is a re-write of Peter's patch, making a ST> dbpool_mysql_escape_string() wrapper function available in the ST> gwlib/dbpool_mysql.c and using it in gw/dlr_mysql.c. ST> Please review and vote for committing to CVS. ST> Stipe ST> ------------------------------------------------------------------- ST> Kölner Landstrasse 419 ST> 40589 Düsseldorf, NRW, Germany ST> tolj.org system architecture Kannel Software Foundation (KSF) ST> http://www.tolj.org/ http://www.kannel.org/ ST> mailto:st_{at}_tolj.org mailto:stolj_{at}_kannel.org ST> ------------------------------------------------------------------- -- Best regards, Thomas mailto:[EMAIL PROTECTED]
smime.p7s
Description: S/MIME Cryptographic Signature
