[Devel] [ openser-Bugs-1653299 ] unixodbc broken by escaping stuff

SourceForge.net noreply at sourceforge.net
Tue Feb 6 14:41:46 CET 2007 

Bugs item #1653299, was opened at 2007-02-06 14:41
Message generated for change (Tracker Item Submitted) made by Item Submitter
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=743020&aid=1653299&group_id=139143

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: modules
Group: ver devel
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Jerome Martin (tramjoe)
Assigned to: Nobody/Anonymous (nobody)
Summary: unixodbc broken by escaping stuff

Initial Comment:
Hello,

As I noted before in the mailing lists, the code submited here to escape SQL queries CAN NOT, WILL NOT and DOES NOT work.

It seems that the error is now engraved even deeper in the core files since sql_escape have been replaced by escape_common in core files.

Apart than the fact that this is not the way SQL queries must be escaped (depends on the SQL engine you use, for one thing, and backslashes are NOT widely accepted), the current code just totally breaks unixodbc :

test random number 846500239
pre_init_tls: Entered
INFO: statistics manager successfully initialized
StateLess module - initializing
TM - initializing...
Maxfwd module- initializing
INFO:ul_init_locks: locks array size 512
TextOPS - initializing
AUTH module - initializing
AUTH_DB module - initializing
unixodbc:SQLExecDirect, rv=-1. Query= select table_version from version where table_name='subscriber
unixodbc:SQLExecDirect=HY000:1:1: Msg 105, Level 15, State 1, Server SQL1, Line 1 Unclosed quotation mark before the character string 'subscriber'.
unixodbc:SQLExecDirect=HY000:2:1: Msg 170, Level 15, State 1, Server SQL1, Line 1 Line 1: Incorrect syntax near 'subscriber'.
unixodbc:db_query: Error while submitting query
table_version(): Error in db_query
ERROR: uri_db:mod_init(): Error while querying table version
init_mod(): Error while initializing module uri_db
INFO:mi_fifo:mi_destroy:memory for the child's mi_fifo_pid was not allocated -> nothing to destroy


Doing the job properly requires more time and thinking (I tried to lauch the conversation, but I believe it was considered too complicated for 1.2), so in the meantime please find attached a patch to revert the changes.

I am using my own patches anyway to handle my particular case (SQL server, which requires escaping ' in strings by ''), so do what you wish. If anyone is motivated about this, I'll be happy to give details on my DB server and how I need to escape strings, but really I think this is for 1.2.1.

Regards,
Jerome


----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=743020&aid=1653299&group_id=139143

More information about the Devel mailing list