Hi Rudolph

> maybe there's a misunderstanding here on my side but
> mysql_real_escape_string() still adds backslashes to some special chars
> (like ' or " and \), doesn't it? That would probably not affect the case of
> escaping a semicolon like stated below.

Yes, it does, but that's a MySQL-specific behaviour and all other databases don't do this. SQL ANSI escaping only duplicates single quotes. Example:

mysql_real_escape( \ ; ' " ) -> \\ ; \' \"

Nevertheless, no backslashes are added to semicolons.

> But what happens if there's a TXT record containing ', " or \? PowerDNS
> would still retrieve those strings as they are and deliver the record
> including the escape-backslashes.

I've done a short test of what happens. The result is that we get the original string back:

\ ; ' "

So there will be no problem when using mysql_real_escape().

> Does anyone know how other database
> backends for powerdns or other nameservers with DB backends handle this
> scenario?

The PowerDNS opendbx backend uses the odbx_escape() function from the OpenDBX library, which uses the escape functions of the client database libraries or, if there's no client escape function available, provides its own one which does ANSI escaping (duplicating single quotes). The other database backends use the native escape functions, if I remember correctly.

I think that we are safe from the PowerDNS and the database side, but if a management application inserts corrupted records, the problem must be fixed in these applications.

Norbert

-- 
OpenPGP public key
http://www.linuxnetworks.de/norbert.pubkey.asc
_______________________________________________ Pdns-users mailing list [email protected] http://mailman.powerdns.com/mailman/listinfo/pdns-users
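The two escaping rules discussed in the message above, as an added example that is not part of the original message or of PowerDNS/OpenDBX. It assumes an in-memory SQLite database as a stand-in for a backend with ANSI quoting; the function names are hypothetical and the MySQL-style routine is a simplified model. It shows that the escaping rule has to match the backend that parses the literal, and that semicolons are left alone by both rules.

```python
import sqlite3

# Constructed sample: the TXT content used in the test described in the message.
SAMPLE = "\\ ; ' \""

def escape_ansi(value: str) -> str:
    """ANSI SQL escaping: only single quotes are doubled."""
    return value.replace("'", "''")

def escape_mysql_style(value: str) -> str:
    """Simplified model of MySQL-style escaping (assumption: only the
    characters from the message are handled; the real client function
    also covers NUL, newline, carriage return and Ctrl-Z)."""
    out = []
    for ch in value:
        if ch in ("\\", "'", '"'):
            out.append("\\")
        out.append(ch)
    return "".join(out)

def store_and_fetch(escaped: str):
    """Build an INSERT with the escaped literal against an ANSI-quoting
    engine (in-memory SQLite) and return what was stored, or None when
    the engine rejects the statement."""
    db = sqlite3.connect(":memory:")
    try:
        db.execute("CREATE TABLE records (content TEXT)")
        db.execute("INSERT INTO records (content) VALUES ('" + escaped + "')")
        return db.execute("SELECT content FROM records").fetchone()[0]
    except sqlite3.Error:
        return None
    finally:
        db.close()

if __name__ == "__main__":
    print("ANSI literal :", escape_ansi(SAMPLE))
    print("MySQL literal:", escape_mysql_style(SAMPLE))
    # Matching rule and engine: the original string comes back unchanged.
    print("ANSI rule on ANSI engine :", store_and_fetch(escape_ansi(SAMPLE)))
    # Mismatched rule: the backslash-escaped quote ends the literal early.
    print("MySQL rule on ANSI engine:", store_and_fetch(escape_mysql_style(SAMPLE)))
```
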
