Re: [gnome-db] patch to replace gda_connection_escape_string() with gda_connection_value_to_sql_string()



On Tue, 2005-04-19 at 12:46 +1000, Bas Driessen wrote:
On Tue, 2005-04-19 at 10:37 +0800, Alan Knowles wrote:
Bas, can you try this patch, it builds ok here, and should export the
method to the right place.

http://devel.akbkhome.com/svn/index.php/libgda/to_sql_string_fixes.diff.txt

At present the to_sql_local is susceptible to SQL injection attacks, so
it's probably better to use the string escaping in this.

Regards
Alan

Preliminary testing indicates that all is OK with this modification this time. I am happy to have this patch applied to CVS.

Thanks,
Bas.


