
Re: back-sql quote characters in query



> Hello.
>
> I'm using openldap 2.4.19 with the sql backend. I have trouble with
> queries that contain the single-quote ( ' ) character.
> For example, if I search for (cn=Zool'man):
>
> <==backsql_srch_query() returns SELECT DISTINCT
> ldap_entries.id,phpbb_users.user_id,varchar_ci('phpbbUser') AS
> objectClass,ldap_entries.dn AS dn FROM ldap_entries,phpbb_users WHERE
> phpbb_users.user_id=ldap_entries.keyval AND ldap_entries.oc_map_id=?
> AND 9=9 AND (varchar_ci(phpbb_users.username)='ZOOL'MAN')
> Constructed query: SELECT DISTINCT
> ldap_entries.id,phpbb_users.user_id,varchar_ci('phpbbUser') AS
> objectClass,ldap_entries.dn AS dn FROM ldap_entries,phpbb_users WHERE
> phpbb_users.user_id=ldap_entries.keyval AND ldap_entries.oc_map_id=?
> AND 9=9 AND (varchar_ci(phpbb_users.username)='ZOOL'MAN')
> id: '2'
> backsql_oc_get_candidates(): error executing query
> Return code: -1
>    nativeErrCode=7 SQLengineState=S1000 msg="[unixODBC]ERROR:  syntax
> error at or near "MAN" at character 271;
>
> In this case the query should be like
> varchar_ci(phpbb_users.username)='ZOOL\'MAN' instead of 'ZOOL'MAN'
>
> How to solve this issue? Thanks.

I suggest you file an ITS <http://www.openldap.org/>.  I fear this opens a
can of worms, as escaping risks being RDBMS dependent.

p.
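
The failure in the log and the portability concern in the reply, as an added example that is not part of the original thread and is not OpenLDAP code: the filter value is spliced into the SQL text raw, with backslash escaping, with quote doubling, and finally passed as a bound parameter like the `?` the logged query already uses for `oc_map_id`. SQLite stands in for the poster's ODBC database and `upper()` for `varchar_ci()`; the table contents are constructed.

```python
import sqlite3

def make_db():
    # Constructed stand-in for the phpbb_users table seen in the log.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE phpbb_users (user_id INTEGER, username TEXT)")
    db.executemany("INSERT INTO phpbb_users VALUES (?, ?)",
                   [(1, "admin"), (2, "Zool'man")])
    return db

def search_concatenated(db, value, escape=None):
    """Build the WHERE clause by string concatenation, as in the logged query."""
    text = value.upper()
    if escape == "backslash":      # the \' form proposed in the post
        text = text.replace("'", "\\'")
    elif escape == "double":       # standard SQL: a quote is written as ''
        text = text.replace("'", "''")
    sql = ("SELECT user_id FROM phpbb_users "
           "WHERE upper(username)='" + text + "'")
    try:
        return [row[0] for row in db.execute(sql)]
    except sqlite3.OperationalError as exc:
        return "error: %s" % exc

def search_bound(db, value):
    """Send the value as a bound parameter; the SQL text never contains it."""
    sql = "SELECT user_id FROM phpbb_users WHERE upper(username)=?"
    return [row[0] for row in db.execute(sql, (value.upper(),))]

if __name__ == "__main__":
    db = make_db()
    for mode in (None, "backslash", "double"):
        print(mode, "->", search_concatenated(db, "Zool'man", mode))
    print("bound ->", search_bound(db, "Zool'man"))
```

On SQLite the backslash form fails just like the unescaped one, while quote doubling works; engines that treat backslash as an escape character behave differently, which is the RDBMS dependence the reply mentions. The bound-parameter query returns the row without any escaping rule being involved.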