I think your confusing escaping. Escaping in mysql isn't stored in the
database, it's only to pass it though to the server. The mysql server
removed the escaping, before it stored it, so when you read it, it's
clean and ready to be used.
This causes issues as to what needs to be escaped, cause if you escape
everything, mysql won't remove it from everything, and some will be
left behind, like with your ;
This is what mysql_real_escape_string is for. I will ask the server
what needs to be escaped, based on the current charset selected and
encoded being used, and escape those.
Quoting Rudolph Bott <[email protected]>:
Hi List,
maybe there's a misunderstanding here on my side but
mysql_real_escape_string() still adds backslashes to some special chars
(like ' or " and \), doesnt it? That would probably not affect the case of
escaping a semicolon like stated below.
But what happens if theres a TXT record contaning ', " or \? PowerDNS
would still retrieve those strings as they are and deliver the record
including the escape-backslashes. Does anyone know how other database
backends for powerdns or other nameservers with DB backends handle this
scenario?
On Wed, 06 Jan 2010 13:27:31 -0500, Patrick Domack
<[email protected]> wrote:
Most people have solved this issue awhile ago, but some people never
upgrade or review documentation, so here is the things I would check.
Sounds like this is php, so:
Make sure magic_quotes_gpc is not on in php.ini, or by other means
Make sure the php program isn't using add_slashes
If it is using add_slashes, replace with mysql_real_escape_string
Quoting Michael <[email protected]>:
On Wed, 06 Jan 2010 21:56:08 you wrote:
Hi Michael
> When I enter a DKIM or Domain Keys record, which requires use of
';',
> the
> records on the secondary name server have this character escaped
with
> '\', as to be expected.
>
> As this character has a special meaning in MySQL I would think the
> simple
> answer would be to unescape it prior to returning the RR.
This is a common misunderstanding of web developers that escaping in
MySQL
is done by adding backslashes. Instead, escaping is done by calling
mysql_real_escape(), which prepares the string to be save when storing
it
to the database but when fetching the string again, it will be the
same
as
before calling mysql_real_escape(). Therefore, if a web application
adds
backslashes it corrupts the record and this has to be considered as
bug
of
the web application.
Ok, so is there any downside to adding an unescape to the code and
could
this
be done by the programmers?
I didn't write the web based SQL admin... I use the proper MySQL
function in
my own code, but I am not rewriting the web based admin...
_______________________________________________
Pdns-users mailing list
[email protected]
http://mailman.powerdns.com/mailman/listinfo/pdns-users
_______________________________________________
Pdns-users mailing list
[email protected]
http://mailman.powerdns.com/mailman/listinfo/pdns-users
--
Mit freundlichen Grüßen / with kind regards
Rudolph Bott
_______________________________________________
Pdns-users mailing list
[email protected]
http://mailman.powerdns.com/mailman/listinfo/pdns-users
