30 Jul
2015
30 Jul
'15
9:21 a.m.
On 30-07-15 14:51, d tbsky wrote:
Hi Alan:
ok. then I will give up the idea. I am curious is "\" dangerous?
Say we have a logging function that writes succesful authentications to a database: INSERT INTO logging (timestamp, username) VALUES (now(), '%{User-Name}%') With using the username "foo\" the query would become: INSERT INTO logging (timestamp, username) VALUES (now(), 'foo\') Now the last "'" is escaped and the query generates a syntax error. -- Herwin Weststrate