On 1/24/06, Rob Kinyon <[EMAIL PROTECTED]> wrote:
> It's a $dbh attribute.
>
> $dbh->{mysql_unsafe_bind_type_guessing} = 1;
>
> The reason it's considered 'unsafe' is that, theoretically, it's a
> place where SQL Injection -could- occur. However, it's extremely
> unlikely, given the strictness of the parsing. (You can review the
> parsing yourself - it's in dbdimp.c)

Okay, I'll give it a try.  It won't be unsafe in the context of RDBO
bitfields because the values are produced by format_bitfield(), which
we control.  Of course, now I have to add code to figure out when I
need to use this attribute and when I don't.  Safe or not, I don't
want to have it turned on for every query.

-John

