apr-dev mailing list archives

From Ronen Mizrahi <ro...@tversity.com>
Subject Bug in sql escaping in apr_dbd_sqlite2 and apr_dbd_sqlite3
Date Fri, 30 Dec 2005 08:22:09 GMT
The following code (used both in apr_dbd_sqlite2.c and in apr_dbd_sqlite3.c) in order to escape
SQL strings is incorrect.
When the % character appears in the arg it is misinterpreted of course and can have far reaching
side effects.
The proper solution is listed below as well.

INCORRECT:
static const char *dbd_sqlite3_escape(apr_pool_t *pool, const char *arg,
                                      apr_dbd_t *sql)
{
    /* arg is passed as the format string, so any % in it is parsed as a conversion */
    char *ret = sqlite3_mprintf(arg);
    apr_pool_cleanup_register(pool, ret, (void *) sqlite3_free,
                              apr_pool_cleanup_null);
    return ret;
}


CORRECT:
static const char *dbd_sqlite3_escape(apr_pool_t *pool, const char *arg,
                                      apr_dbd_t *sql)
{
    /* arg is passed as data; %q copies it and doubles each single quote */
    char *ret = sqlite3_mprintf("%q", arg);
    apr_pool_cleanup_register(pool, ret, (void *) sqlite3_free,
                              apr_pool_cleanup_null);
    return ret;
}
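
An added regression check, not part of the original message or of APR: it compares the two calls above using SQLite's SQL-level printf(), which is documented to work like sqlite3_mprintf() but substitutes NULL for missing arguments, so the buggy form can be run safely. The helper names and the sample strings are constructed for this example.

```python
import sqlite3

# Constructed sample inputs: values a caller might hand to the escape function.
SAMPLES = ["plain", "O'Reilly", "50%s off", "%d rows", "it's 100%q"]


def buggy_escape(conn, arg):
    """Mirror of sqlite3_mprintf(arg): arg itself is the format string."""
    return conn.execute("SELECT printf(?)", (arg,)).fetchone()[0]


def fixed_escape(conn, arg):
    """Mirror of sqlite3_mprintf("%q", arg): arg is data, quotes are doubled."""
    return conn.execute("SELECT printf('%q', ?)", (arg,)).fetchone()[0]


def expected_escape(arg):
    """Reference result for %q: each single quote doubled, nothing else changed."""
    return arg.replace("'", "''")


def compare(samples=SAMPLES):
    """Return (input, buggy output, fixed output) for every sample."""
    conn = sqlite3.connect(":memory:")
    try:
        return [(a, buggy_escape(conn, a), fixed_escape(conn, a)) for a in samples]
    finally:
        conn.close()


def round_trips(arg):
    """Embed the fixed output in a SQL string literal and read it back."""
    conn = sqlite3.connect(":memory:")
    try:
        literal = "'" + fixed_escape(conn, arg) + "'"
        return conn.execute("SELECT " + literal).fetchone()[0] == arg
    finally:
        conn.close()


if __name__ == "__main__":
    for original, buggy, fixed in compare():
        print(f"{original!r:16} buggy={buggy!r:22} fixed={fixed!r}")
```

The output also shows that the buggy form returns inputs without a % unchanged, so single quotes are never doubled by it.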

