ENV variables in external scripts
Ivan Kalik
tnt at kalik.net
Thu Apr 10 13:44:15 CEST 2008
$myvalue = $RAD_REQUEST{'Calling-Station-Id'};
# Print it or check in some other way
$myquery = "SELECT IF(EXISTS(SELECT callerid FROM auth WHERE
callerid='" . $myvalue . "'),'y','n')";
# Now print or check in some other way the query to see if it is joined
well
$yourquery = "SELECT IF(EXISTS(SELECT callerid FROM auth WHERE
callerid='$RAD_REQUEST{/'Calling-Station-Id'/}'),'y','n')";
# And print or check in some other way this to see why it doesn't work
$status = $db->Mysql::query($myquery);
Ivan Kalik
Kalik Informatika ISP
Dana 10/4/2008, "rsg" <ranil.santhish at gmail.com> piše:
>Hi,
>
>I attempted setting it to a local variable as well.
>
>Result was the same.
>
>Thanks so much for your suggestions & guidance. It's really appreciated.
>
>
>
>On Thu, Apr 10, 2008 at 1:02 PM, <A.L.M.Buxey at lboro.ac.uk> wrote:
>> Hi,
>>
>>
>> > My next query is when I tried to retrieve the CallerId from a Mysql DB
>> > using the same perl script with,
>> >
>> > ---------
>> > use Mysql;
>> > :
>> > :
>> > $status = $db->Mysql::query("SELECT IF(EXISTS(SELECT callerid FROM
>> > auth WHERE callerid='$RAD_REQUEST{/'Calling-Station-Id'/}'),'y','n')");
>>
>> your escape characters are wrong
>>
>> $RAD_REQUEST{\'Calling-Station-Id\'}
>>
>> personally, i would set the value into a local variable and do some
>> sanity checking to ensure it'll not screw up the SQL... a nasty
>> person could do something trivial like set their Calling station id
>> to "'; drop all from users" :-)
>>
>> alan
>>
>>
>> -
>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/usershtml
>>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
More information about the Freeradius-Users
mailing list