Return-Path: 
 <dev-return-15272-apmail-apr-dev-archive=apr.apache.org@apr.apache.org>
Delivered-To: apmail-apr-dev-archive@www.apache.org
Received: (qmail 52247 invoked from network); 12 Jan 2006 17:52:37 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199)
  by minotaur.apache.org with SMTP; 12 Jan 2006 17:52:37 -0000
Received: (qmail 5375 invoked by uid 500); 12 Jan 2006 17:52:35 -0000
Delivered-To: apmail-apr-dev-archive@apr.apache.org
Received: (qmail 5333 invoked by uid 500); 12 Jan 2006 17:52:35 -0000
Mailing-List: contact dev-help@apr.apache.org; run by ezmlm
Precedence: bulk
List-Post: <mailto:dev@apr.apache.org>
List-Help: <mailto:dev-help@apr.apache.org>
List-Unsubscribe: <mailto:dev-unsubscribe@apr.apache.org>
List-Id: <dev.apr.apache.org>
Delivered-To: mailing list dev@apr.apache.org
Received: (qmail 5315 invoked by uid 99); 12 Jan 2006 17:52:35 -0000
Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 12 Jan 2006 09:52:35 -0800
X-ASF-Spam-Status: No, hits=-0.0 required=10.0
	tests=SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (asf.osuosl.org: domain of rooneg@gmail.com designates
 64.233.184.200 as permitted sender)
Received: from [64.233.184.200] (HELO wproxy.gmail.com) (64.233.184.200)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 12 Jan 2006 09:52:34 -0800
Received: by wproxy.gmail.com with SMTP id i20so419647wra
        for <dev@apr.apache.org>; Thu, 12 Jan 2006 09:52:13 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:sender:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
        b=UfKlepwsYZyYwhHWadUv/QKasnVHfN01XbTInLGRsxpQDPOX8fiEBkikqhFJnN9VC0smxdDdhVkwRnn2nUNPlVBCrTHrmbKQt0c7eCofac5uXOLpBUxf/rhvxGTl7F0c0ibk7FRHMLzr7XvcRL3c4eE3VpR0IMejYQdxDbROiHc=
Received: by 10.54.83.7 with SMTP id g7mr2854168wrb;
        Thu, 12 Jan 2006 09:52:13 -0800 (PST)
Received: by 10.54.121.15 with HTTP; Thu, 12 Jan 2006 09:52:13 -0800 (PST)
Message-ID: <7edfeeef0601120952t1029b80cv551c77ef0bf008e0@mail.gmail.com>
Date: Thu, 12 Jan 2006 09:52:13 -0800
From: Garrett Rooney <rooneg@electricjellyfish.net>
Sender: rooneg@gmail.com
To: ronen@tversity.com
Subject: Re: Bug in sql escaping in apr_dbd_sqlite2 and apr_dbd_sqlite3
Cc: dev@apr.apache.org
In-Reply-To: <43C69626.9060900@tversity.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
References: <600853F5-7936-4BE8-B755-29A85FA12C7E@orionsmg.com>
	 <43B4EE31.6080000@tversity.com> <43C69626.9060900@tversity.com>
X-Virus-Checked: Checked by ClamAV on apache.org
X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N

On 1/12/06, Ronen Mizrahi <ronen@tversity.com> wrote:
> Any comments to this?

This is on my todo list, I just haven't gotten around to it.  One
thing that would be helpful would be if you'd send an actual patch
that fixes the problem, instead of just a description of what should
be changed.  Bonus points for a test case that shows the issue ;-)

-garrett