30 Oct
2018
30 Oct
'18
2:46 p.m.
Stefan Winter wrote:
Hi,
Not a problem if the queries are properly escaped or parameterised.
That's what the "safe_characters" configuration does. Allows "safe" characters, and escapes everything else.
Well, to be fair to the OP: using prepared statements would make all those escaping adventures obsolete.
In other projects, I learned to love the ability to defer all escaping questions to the library, and just send the stuff I want to send, with peace of mind that this is exactly what will end up in the DB.
There is an open issue for that: https://github.com/FreeRADIUS/freeradius-server/issues/830 -- Herwin Weststrate