Thanks for all your help. I hope I can use 2bytes charactor file names without code modification in the future release.
Regards. +----------------------------------+ + Naoki Tsujimoto/A.C.Wartz & Co. + + <[email protected]> + +----------------------------------+ > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of MoYo > Sent: Wednesday, January 07, 2009 7:09 AM > To: Liste de diffusion des utilsateurs de GLPI > Subject: Re: [Glpi-user] an issue of 2bytes charactor file name > > Pierre Chifflier a écrit : > > Hi, > > > > It's not sufficient, there are way more methods to inject SQL data. > > Each database provides a function to escape characters, so > in case of > > MySQL you should use mysql_real_escape_string: > > http://fr.php.net/mysql_real_escape_string > > > > Here, the problem is not to escape a string but to clean a > filename to be able to store the file, store it's name in DB > and permit to use the stored name to get the file. > Escaping the filename is not the complete solution. All chars > which are not allowed must be deleted or replace by an > alternative char. > > Regards > > Julien > > > _______________________________________________ > Glpi-user mailing list > [email protected] > https://mail.gna.org/listinfo/glpi-user > _______________________________________________ Glpi-user mailing list [email protected] https://mail.gna.org/listinfo/glpi-user
