ENV variables in external scripts
A.L.M.Buxey at lboro.ac.uk
A.L.M.Buxey at lboro.ac.uk
Thu Apr 10 13:02:28 CEST 2008
Hi,
> My next query is when I tried to retrieve the CallerId from a Mysql DB
> using the same perl script with,
>
> ---------
> use Mysql;
> :
> :
> $status = $db->Mysql::query("SELECT IF(EXISTS(SELECT callerid FROM
> auth WHERE callerid='$RAD_REQUEST{/'Calling-Station-Id'/}'),'y','n')");
your escape characters are wrong
$RAD_REQUEST{\'Calling-Station-Id\'}
personally, i would set the value into a local variable and do some
sanity checking to ensure it'll not screw up the SQL... a nasty
person could do something trivial like set their Calling station id
to "'; drop all from users" :-)
alan
More information about the Freeradius-Users
mailing list