10 Apr
2008
10 Apr
'08
7:02 a.m.
Hi,
My next query is when I tried to retrieve the CallerId from a Mysql DB using the same perl script with,
--------- use Mysql; : : $status = $db->Mysql::query("SELECT IF(EXISTS(SELECT callerid FROM auth WHERE callerid='$RAD_REQUEST{/'Calling-Station-Id'/}'),'y','n')");
your escape characters are wrong $RAD_REQUEST{\'Calling-Station-Id\'} personally, i would set the value into a local variable and do some sanity checking to ensure it'll not screw up the SQL... a nasty person could do something trivial like set their Calling station id to "'; drop all from users" :-) alan