rlm_sql sql_escape_func

Hagen M√ľnch hmuench at gordiancode.com
Tue Jan 8 15:32:47 CET 2019


I met the problem that if there are string values in a data base that contain single-quotes, the radius_axlat function expands a "foo'bar" to "foo27bar" by using the sql_escape_func of the rlm_sql module.

I solved it by adding

        case '\'':
            if (outlen <= 2) break;
            out[0] = '\'';
            out[1] = '\'';

            out += 2;
            outlen -= 2;
            len += 2;
To the sql_escape_func.
Do you think this approach is appropriate and would it be possible to add this single-quote escape case to the v3.x source? Thank you.

Take care,

More information about the Freeradius-Devel mailing list