Hi List,

maybe there's a misunderstanding here on my side but mysql_real_escape_string() still adds backslashes to some special chars (like ' or " and \), doesn't it? That would probably not affect the case of escaping a semicolon like stated below. But what happens if there's a TXT record containing ', " or \? PowerDNS would still retrieve those strings as they are and deliver the record including the escape-backslashes.

Does anyone know how other database backends for powerdns or other nameservers with DB backends handle this scenario?

On Wed, 06 Jan 2010 13:27:31 -0500, Patrick Domack <[email protected]> wrote:
> Most people have solved this issue awhile ago, but some people never
> upgrade or review documentation, so here are the things I would check.
>
> Sounds like this is php, so:
> Make sure magic_quotes_gpc is not on in php.ini, or by other means
> Make sure the php program isn't using add_slashes
> If it is using add_slashes, replace with mysql_real_escape_string
>
>
> Quoting Michael <[email protected]>:
>
>> On Wed, 06 Jan 2010 21:56:08 you wrote:
>>> Hi Michael
>>>
>>> > When I enter a DKIM or Domain Keys record, which requires use of ';',
>>> > the records on the secondary name server have this character escaped
>>> > with '\', as to be expected.
>>> >
>>> > As this character has a special meaning in MySQL I would think the
>>> > simple answer would be to unescape it prior to returning the RR.
>>>
>>> This is a common misunderstanding of web developers that escaping in
>>> MySQL is done by adding backslashes. Instead, escaping is done by calling
>>> mysql_real_escape(), which prepares the string to be safe when storing it
>>> to the database but when fetching the string again, it will be the same
>>> as before calling mysql_real_escape(). Therefore, if a web application
>>> adds backslashes it corrupts the record and this has to be considered as
>>> a bug of the web application.
>>
>> Ok, so is there any downside to adding an unescape to the code and could
>> this be done by the programmers?
>>
>> I didn't write the web based SQL admin... I use the proper MySQL
>> function in my own code, but I am not rewriting the web based admin...
>>
>> _______________________________________________
>> Pdns-users mailing list
>> [email protected]
>> http://mailman.powerdns.com/mailman/listinfo/pdns-users

--
With kind regards
Rudolph Bott
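
The round trip discussed in this thread, as an added example that is not part of the original messages and not PowerDNS or PHP code: a simplified Python model of how the server consumes the backslashes of a string literal, and of what ends up stored when a value is escaped twice. The function names and the TXT value are assumptions made for illustration, and the second escaping pass stands in for magic_quotes_gpc or add_slashes, which escape a subset of the same characters.

```python
# Added illustration: a simplified model of MySQL string-literal escaping.
# Function names are hypothetical; the TXT value is constructed sample data.
# Not modelled: \% and \_ (kept verbatim by MySQL) and multi-byte charsets.

# Characters mysql_real_escape_string() prefixes with a backslash.
ESCAPES = {"\0": "\\0", "\n": "\\n", "\r": "\\r", "\\": "\\\\",
           "'": "\\'", '"': '\\"', "\x1a": "\\Z"}
# Escape letters the SQL parser maps back to control characters.
UNESCAPES = {"0": "\0", "n": "\n", "r": "\r", "Z": "\x1a",
             "b": "\b", "t": "\t"}


def real_escape(value: str) -> str:
    """Model of mysql_real_escape_string(): make value safe inside '...'."""
    return "".join(ESCAPES.get(ch, ch) for ch in value)


def stored_value(literal_body: str) -> str:
    """Model of the server parsing the body of a '...' literal.

    The escape backslashes are consumed here and never reach the table.
    """
    out, i = [], 0
    while i < len(literal_body):
        ch = literal_body[i]
        if ch == "\\" and i + 1 < len(literal_body):
            nxt = literal_body[i + 1]
            out.append(UNESCAPES.get(nxt, nxt))  # \' -> '   \\ -> \   \; -> ;
            i += 2
        else:
            out.append(ch)
            i += 1
    return "".join(out)


def round_trip(value: str, times_escaped: int = 1) -> str:
    """Escape `times_escaped` times, then parse once, as the server does."""
    for _ in range(times_escaped):
        value = real_escape(value)
    return stored_value(value)


# Constructed TXT content containing ; ' " and \
TXT = 'v=DKIM1; k=rsa; n="it\'s a test\\note"'

if __name__ == "__main__":
    print(repr(round_trip(TXT)))      # escaped once: stored value equals TXT
    print(repr(round_trip(TXT, 2)))   # escaped twice: backslashes are stored
```
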
