rlm_sql and string escaping
unik at compot.ru
Tue Sep 8 13:53:57 CEST 2015
I'm currently trying to port our custom GPL'ed FreeRADIUS module to
3.x. In addition to updating it to work on newer versions I tried to
convert it from using our own half-assed SQL abstraction layer to
rlm_sql's (using rlm_sqlhpwippool as an inspiration). While doing that
I noticed that there are no DB-specific mechanisms to escape strings
for use in DB queries (sql_escape_func is too strict and doesn't know
about DB escaping rules).
So my question is - is it ok for me to extend rlm_sql with DB-specific
string escaping API, and if so, what are your suggestions and
requirements for such an API?
One thing to consider is that data-string-escaping and identifier
-string-escaping follow different rules in several DBs.
My current plan is:
* Add another function pointer to rlm_sql instance
* Make it default to sql_escape_func.
* Check if driver implements its own string escaping function,
and if so, replace sql_string_escape_func with it.
This implies that new function will have the same signature
With best regards,
mailto:unik at compot.ru
Maksim Co. Ltd.
work: +7 495 981-0313
cell: +7 926 619-8997
23 Barishikha st.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 819 bytes
Desc: This is a digitally signed message part
More information about the Freeradius-Users