[prev in list] [next in list] [prev in thread] [next in thread]
List: freeradius-users
Subject: Re: Apostrophe in username
From: Herwin Weststrate <freeradius () herwinw ! nl>
Date: 2018-10-30 18:46:55
Message-ID: 421ffb3a-c98b-2dca-5630-4389e292c53b () herwinw ! nl
[Download RAW message or body]
Stefan Winter wrote:
> Hi,
>
> > > Not a problem if the queries are properly escaped or parameterised.
> >
> > That's what the "safe_characters" configuration does. Allows "safe" characters, \
> > and escapes everything else.
>
> Well, to be fair to the OP: using prepared statements would make all
> those escaping adventures obsolete.
>
> In other projects, I learned to love the ability to defer all escaping
> questions to the library, and just send the stuff I want to send, with
> peace of mind that this is exactly what will end up in the DB.
There is an open issue for that:
https://github.com/FreeRADIUS/freeradius-server/issues/830
--
Herwin Weststrate
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic