Apostrophe in username

Herwin Weststrate freeradius at herwinw.nl
Tue Oct 30 19:46:55 CET 2018


Stefan Winter wrote:
> Hi,
> 
>>> Not a problem if the queries are properly escaped or parameterised.
>>
>>    That's what the "safe_characters" configuration does.  Allows "safe" characters, and escapes everything else.
> 
> Well, to be fair to the OP: using prepared statements would make all
> those escaping adventures obsolete.
> 
> In other projects, I learned to love the ability to defer all escaping
> questions to the library, and just send the stuff I want to send, with
> peace of mind that this is exactly what will end up in the DB.

There is an open issue for that: 
https://github.com/FreeRADIUS/freeradius-server/issues/830


-- 
Herwin Weststrate
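
Added example, not part of the original post and not FreeRADIUS code: the two approaches discussed in the thread, applied to a username containing an apostrophe. The `users` table, the allow-list and the `=XX` encoding are constructed assumptions for illustration, and SQLite stands in for the real database.

```python
import sqlite3

# Constructed allow-list standing in for the "safe characters" idea (assumption).
SAFE_CHARS = set("@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /")


def escape_allowlist(value: str) -> str:
    """Keep allow-listed characters, encode every other byte as =XX."""
    out = []
    for byte in value.encode("utf-8"):
        ch = chr(byte)
        out.append(ch if ch in SAFE_CHARS else "=%02X" % byte)
    return "".join(out)


def make_db() -> sqlite3.Connection:
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY)")
    db.executemany("INSERT INTO users VALUES (?)", [("o'brien",), ("alice",)])
    return db


def lookup_escaped(db: sqlite3.Connection, username: str) -> list:
    """Escape the value, then splice it into the SQL text."""
    sql = "SELECT username FROM users WHERE username = '%s'" % escape_allowlist(username)
    return [row[0] for row in db.execute(sql)]


def lookup_prepared(db: sqlite3.Connection, username: str) -> list:
    """Send the value as a bound parameter; the driver never parses it as SQL."""
    sql = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in db.execute(sql, (username,))]


if __name__ == "__main__":
    db = make_db()
    for name in ("alice", "o'brien", "x' OR '1'='1"):
        print(repr(name), "escaped ->", lookup_escaped(db, name),
              "| prepared ->", lookup_prepared(db, name))
```

Both lookups reject the crafted input, but only the bound parameter matches the stored `o'brien` row, because the escaped form no longer equals what is in the table.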

