Surrounding %s with ' does not work at all. Empty username causes the same error and a valid username ends with:
[Sun Sep 28 10:58:47.351564 2014] [auth_basic:error] [pid 1824:tid 1636] [client 127.0.0.1:2461] AH01618: user XY not found: / I think dbd_odbc driver uses prepared SQL statements and it provides single quotes around string parameters automatically on its own. This is OK but something is wrong with empty values. R. ------------------- > Date: Sun, 28 Sep 2014 09:14:53 +0200 > From: [email protected] > To: [email protected] > Subject: [users@httpd] Re: Empty username causes internal server error > > Hi, > > Could you try with ' around the %s? > SELECT password FROM member WHERE CONVERT(VARCHAR(10), > member_Index) = '%s' > This way, if the username is empty, the request will still be valid. > > CJ > > Le 27/09/2014 22:23, Radek Pospíšil a écrit : >> Hello, >> >> I am using user authentication with the following components: >> >> Apache/2.4.10 (Win32) + mod_auth_basic + mod_authn_dbd + mod_dbd + ODBC >> Driver + Microsoft SQL Server 2008(SP3). >> >> It works fine except when I do not provide any username when browser asks >> for username and password. In this case I receive the "Internal Server >> Error" as the response instead of "Unauthorized" response. >> >> The most interesting part of the error.log is: >> >> [Sat Sep 27 21:23:17.639860 2014] [authn_dbd:error] [pid 1208:tid 1636] >> [client 127.0.0.1:1363] AH01656: Query execution error looking up '' in >> database [[dbd_odbc] SQLBindParameter returned SQL_ERROR (-1) at >> apr_dbd_odbc.c:604 [Microsoft][ODBC SQL Server Driver]Invalid precision >> value HY104 ] >> >> The AuthDBDUserPWQuery directive in my httpd.conf is: >> >> AuthDBDUserPWQuery "SELECT password FROM member WHERE CONVERT(VARCHAR(10), >> member_Index) = %s" >> >> And the member_Index column in the database is smallint. >> >> Is it a bug or am I missing something? Any ideas are welcome. >> >> Thanx, >> >> Radek >> > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] >
