Skip to content

Use safer quoting for placeholders #458

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Jan 3, 2025
Merged

Use safer quoting for placeholders #458

merged 2 commits into from
Jan 3, 2025

Conversation

mattlaw
Copy link

@mattlaw mattlaw commented Jan 3, 2025

Switch to mysql_real_escape_string_quote for placeholder replacement, allowing placeholders to be used when NO_BACKSLASH_ESCAPES is in effect.

Use safer quoting for placeholders
9eaff3f 
Switch to mysql_real_escape_string_quote for placeholder replacement,
allowing placeholders to be used when NO_BACKSLASH_ESCAPES is in effect.
@dveeden
Copy link
Collaborator

dveeden commented Jan 3, 2025

Closing this as it seems to be the same diff as #457

@dveeden dveeden closed this Jan 3, 2025
@mattlaw
Copy link
Author

mattlaw commented Jan 3, 2025

It's the same diff, but on different branches. This one is a backport for v4

@dveeden dveeden reopened this Jan 3, 2025
@dveeden
Copy link
Collaborator

dveeden commented Jan 3, 2025

It's the same diff, but on different branches. This one is a backport for v4

Ah. I missed that. I'll merge this once #457 has been merged.

@dveeden dveeden merged commit b285963 into perl5-dbi:v4 Jan 3, 2025
4 of 5 checks passed
@dveeden dveeden added this to the 4.053 milestone Jan 3, 2025
@mattlaw mattlaw deleted the no_backslash_escapes_v4 branch January 3, 2025 14:41
@gregoa
Copy link

gregoa commented Feb 7, 2025

Fails with MariaDB, and my assumption was that the 4.* branch should keep compatibility with MariaDB?

dbdimp.c: In function 'parse_params':
dbdimp.c:769:22: error: implicit declaration of function 'mysql_real_escape_string_quote'; did you mean 'mysql_real_escape_string'? [-Wimplicit-function-declaration]
  769 |               ptr += mysql_real_escape_string_quote(sock, ptr, valbuf, vallen, '\'');
      |                      ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      |                      mysql_real_escape_string
make[1]: *** [Makefile:358: dbdimp.o] Error 1

@dveeden dveeden mentioned this pull request Feb 8, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
4.053
Development

Successfully merging this pull request may close these issues.
3 participants
@mattlaw @dveeden @gregoa