[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freeradius-users
Subject:    Re: Apostrophe in username
From:       Herwin Weststrate <freeradius () herwinw ! nl>
Date:       2018-10-30 18:46:55
Message-ID: 421ffb3a-c98b-2dca-5630-4389e292c53b () herwinw ! nl
[Download RAW message or body]

Stefan Winter wrote:
> Hi,
> 
> > > Not a problem if the queries are properly escaped or parameterised.
> > 
> > That's what the "safe_characters" configuration does.  Allows "safe" characters, \
> > and escapes everything else.
> 
> Well, to be fair to the OP: using prepared statements would make all
> those escaping adventures obsolete.
> 
> In other projects, I learned to love the ability to defer all escaping
> questions to the library, and just send the stuff I want to send, with
> peace of mind that this is exactly what will end up in the DB.

There is an open issue for that: 
https://github.com/FreeRADIUS/freeradius-server/issues/830


-- 
Herwin Weststrate
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


[prev in list] [next in list] [prev in thread] [next in thread]