20 Jul
2001
20 Jul
'01
12:14 a.m.
Hi Alain & list!
Quick example of the way to face the bug #439565:
- create a table with one column of type TEXT or VARCHAR(20);
- insert a record with the value: 'say "hello"' (with the doubles
quotes)
- now browse the table and try to modify/delete this record with the links
displayed at the browse screen.
That's all folks ;)
Regards,
Loïc
______________________________________________________________________________
ifrance.com, l'email gratuit le plus complet de l'Internet !
vos emails depuis un navigateur, en POP3, sur Minitel, sur le WAP...
http://www.ifrance.com/_reloc/email.emailif
20 Jul
20 Jul
12:32 a.m.
Hi Loïc,
Quick example of the way to face the bug #439565:
- create a table with one column of type TEXT or VARCHAR(20);
- insert a record with the value: 'say "hello"' (with the doubles
quotes)
- now browse the table and try to modify/delete this record with the links
displayed at the browse screen.
I didn't thought it was so easy to trigger, so I tried ... and your example is
sadly right :-{
Looks like a major bug to me ...
Alain.
3:02 a.m.
Re:
Hi All
if this problem is just about 'tick' characters then here is a function that
will sort is out, this function will fix queries like
insert into symbolic (name) values(''say "hello"'')
where the inner tick characters need escaping, the function will turn the
query in to this
insert into symbolic (name) values('\'say "hello"\'')
***** change these lines in db_readdump *****
// sql.php will stripslash the query if get_magic_quotes_gpc
if (get_magic_quotes_gpc() == 1) $sql_query = addslashes($sql_query);
include("./sql.php");
****** to this **********
// sql.php will stripslash the query if get_magic_quotes_gpc
// if (get_magic_quotes_gpc() == 1) $sql_query = addslashes($sql_query);
$sql_query = do_ticks($sql_query);
include("./sql.php");
********** Include this function ***********
function do_ticks($sql)
{
$tok = split (",",$sql);
$sql = "";
$t = count($tok);
for ($j=0; $j<$t; $j++)
{
$parts = split ("'",$tok[0]);
$c = count($parts);
if($c > 3)
{
for ($i=0; $i<$c; $i++)
{
if($i > 0 && $i < $c - 2)
{
$parts[$i] .= "\\'";
}
else
{
$parts[$i] .= "'";
}
}
$sql .= implode ("",$parts);
if($t == 1) $sql = substr ($sql, 0, strlen($sql)-1);
$sql .= ",";
}
else
{
$sql .= implode ("",$parts).",";
}
}
$sql = substr ($sql, 0, strlen($sql)-1);
return($sql);
}
Hope this helps
Pete Kelly
----- Original Message -----
From: "Loïc" <loic-div(a)ifrance.com>
To: "phpMyAdmin" <phpmyadmin-devel(a)lists.sourceforge.net>
Sent: Thursday, July 19, 2001 10:14 PM
Subject: [Phpmyadmin-devel] Re: Using single quotes for better performances
> Quick
example of the way to face the bug #439565:
- create a table with one column of
type TEXT or VARCHAR(20);
- insert a record with the value: 'say "hello"' (with the doubles
quotes)
- now browse the table and try to modify/delete this record with the links
displayed at the browse screen.<< Hi Alain & list!
Quick example of the way to face the bug #439565:
- create a table with one column of type TEXT or VARCHAR(20);
- insert a record with the value: 'say "hello"' (with the doubles
quotes)
- now browse the table and try to modify/delete this record with the links
displayed at the browse screen.
That's all folks ;)
Regards,
Loïc
____________________________________________________________________________
__
ifrance.com, l'email gratuit le plus complet de
l'Internet !
vos emails depuis un navigateur, en POP3, sur Minitel, sur le WAP...
http://www.ifrance.com/_reloc/email.emailif
_______________________________________________
Phpmyadmin-devel mailing list
Phpmyadmin-devel(a)lists.sourceforge.net
http://lists.sourceforge.net/lists/listinfo/phpmyadmin-devel
8:15 p.m.
Folks,
While I don't like this bug, I don't think it's a showstopper. Correct me if
I'm wrong, but the bug
is only triggered if a table does not have a primary key (ok, maybe a primary key with
'say "hello"'
in it would trigger it, but this would be a very unusual kind of primary key).
So in real life, probably people won't face it too often, and it could wait after
2.2.0.
Marc
Loïc a écrit :
Hi Alain & list!
Quick example of the way to face the bug #439565:
- create a table with one column of type TEXT or VARCHAR(20);
- insert a record with the value: 'say "hello"' (with the doubles
quotes)
- now browse the table and try to modify/delete this record with the links
displayed at the browse screen.
That's all folks ;)
8463
days inactive
8464
days old
3 comments
4 participants
participants (4)
-
Alain Brissaud -
Loïc -
Marc Delisle -
webmaster@trafficg.com