rlm_sql sql_escape_func
Alan DeKok
aland at deployingradius.com
Tue Jan 8 15:40:56 CET 2019
On Jan 8, 2019, at 9:32 AM, Hagen Münch <hmuench at gordiancode.com> wrote:
>
>
> I met the problem that if there are string values in a data base that contain single-quotes, the radius_axlat function expands a "foo'bar" to "foo27bar" by using the sql_escape_func of the rlm_sql module.
That's what the SQL escape function does.
> I solved it by adding
> ...
> Do you think this approach is appropriate and would it be possible to add this single-quote escape case to the v3.x source? Thank you.
It's not correct.
You can set "sql_safe_characters" in the SQL configuration. See raddb/mods-config/sql/main/*/queries.conf for more information.
Alan DeKok.
More information about the Freeradius-Devel
mailing list