shibboleth-dev - RE: ODBC Store: makeSafeSQL
Subject: Shibboleth Developers
List archive
- From: "Scott Cantor" <>
- To: <>
- Subject: RE: ODBC Store: makeSafeSQL
- Date: Tue, 26 Feb 2008 13:00:39 -0500
- Organization: The Ohio State University
> What I expect from makeSafeSQL() is to escape quotes, so maybe line 241
> of odbc-store.cpp should be:
>
> if (*src=='\'') *s++ = '\\';
>
> instead of:
>
> if (*src=='\'') *s++ = '\'';
The normal way to escape quotes is with a doubling of the quote, not with a
backslash. I don't believe that every database supports backslash escapes.
Best I can do is make it a parameter.
> The log refers to unescaped string, so the double quote is not present.
Right.
-- Scott
- ODBC Store: makeSafeSQL, giacomo tenaglia, 02/26/2008
- RE: ODBC Store: makeSafeSQL, Scott Cantor, 02/26/2008
- RE: ODBC Store: makeSafeSQL, Scott Cantor, 02/26/2008
- <Possible follow-up(s)>
- Re: ODBC Store: makeSafeSQL, giacomo tenaglia, 02/27/2008
Archive powered by MHonArc 2.6.16.