Hi, I attempted setting it to a local variable as well. Result was the same. Thanks so much for your suggestions & guidance. It's really appreciated. On Thu, Apr 10, 2008 at 1:02 PM, <A.L.M.Buxey@lboro.ac.uk> wrote:
Hi,
My next query is when I tried to retrieve the CallerId from a Mysql DB using the same perl script with,
--------- use Mysql; : : $status = $db->Mysql::query("SELECT IF(EXISTS(SELECT callerid FROM auth WHERE callerid='$RAD_REQUEST{/'Calling-Station-Id'/}'),'y','n')");
your escape characters are wrong
$RAD_REQUEST{\'Calling-Station-Id\'}
personally, i would set the value into a local variable and do some sanity checking to ensure it'll not screw up the SQL... a nasty person could do something trivial like set their Calling station id to "'; drop all from users" :-)
alan
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html