On Mon, Sep 24, 2001 at 11:44:08AM -0400, [EMAIL PROTECTED] wrote:
> Mojahedul Hoque Abul Hasanat <[EMAIL PROTECTED]> wrote:
> > Username: hukka'hua
> > sql_escape_string output: hukka\'hua
> > Actual query to mysql: hukka\\'hua
>
> Hmm.. can you add debugging statements, to track down where the
> problem occurs in the SQL module?
Did some digging. The problem is not exactly in the rlm_sql
modules.
rlm_sql.c does the proper escaping. Then uses radius_xlat, which
uses decode_attribute which calls valuepair2str and we finally
arrive at librad_safeprint. This librad_safeprint does an extra
escaping by doubling the backslash "\" and hell breaks lose.
This is a big problem. All sql modules should be affected.
If I haven't missed something, radius_xlat should be changed.
I'll hack up a radius_xlat_sql now.
--
Mojahed
System Administrator
Agni Systems Limited
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
