[OWASP-ESAPI] MySQL Codec, issue #21

Jim Manico jim.manico at owasp.org
Fri Dec 4 21:19:57 EST 2009


Per http://code.google.com/p/owasp-esapi-java/issues/detail?id=21 (which I reopened and tagged as a 1.4 and a 2.0 issue):

I'd like to change the MySQL codec so it defaults to ANSI_MODE, which encodes ' to '' and decodes '' to ' only.

Right now, the MySQL codec defaults to the following, which I think is
not a very common use case.

    private String encodeCharacterMySQL( Character c ) {
        char ch = c.charValue();
        if ( ch == 0x00 ) return "\\0";
        if ( ch == 0x08 ) return "\\b";
        if ( ch == 0x09 ) return "\\t";
        if ( ch == 0x0a ) return "\\n";
        if ( ch == 0x0d ) return "\\r";
        if ( ch == 0x1a ) return "\\Z";
        if ( ch == 0x22 ) return "\\\"";
        if ( ch == 0x25 ) return "\\%";
        if ( ch == 0x27 ) return "\\'";
        if ( ch == 0x5c ) return "\\\\";
        if ( ch == 0x5f ) return "\\_";
        return "\\" + c;
    }

Is this acceptable?

- Jim
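
The two behaviours discussed in the message above, side by side, as an added example that is not part of the original post and is not ESAPI's own code. The class name, the `Mode` enum and the pass-through of letters and digits in STANDARD mode are assumptions made for this sketch; the STANDARD mapping follows the method quoted in the message.

```java
public class MySqlCodecModes {
    // Hypothetical mode names for this sketch (not taken from the ESAPI source).
    enum Mode { ANSI, STANDARD }

    // Encode one character. STANDARD follows the mapping quoted in the message.
    static String encodeChar(char ch, Mode mode) {
        if (mode == Mode.ANSI) {
            // ANSI: the single quote is doubled, nothing else is rewritten.
            return ch == '\'' ? "''" : String.valueOf(ch);
        }
        // Assumption: letters and digits pass through before the mapping applies.
        if (Character.isLetterOrDigit(ch)) return String.valueOf(ch);
        switch (ch) {
            case 0x00: return "\\0";
            case 0x08: return "\\b";
            case 0x09: return "\\t";
            case 0x0a: return "\\n";
            case 0x0d: return "\\r";
            case 0x1a: return "\\Z";
            default:   return "\\" + ch; // covers " % ' \ _ and the fallback case
        }
    }

    static String encode(String input, Mode mode) {
        StringBuilder sb = new StringBuilder();
        for (char ch : input.toCharArray()) sb.append(encodeChar(ch, mode));
        return sb.toString();
    }

    // ANSI decode: collapse each '' pair to a single ' and leave the rest alone.
    static String decodeAnsi(String encoded) {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < encoded.length(); i++) {
            char ch = encoded.charAt(i);
            sb.append(ch);
            boolean pair = ch == '\'' && i + 1 < encoded.length()
                    && encoded.charAt(i + 1) == '\'';
            if (pair) i++; // skip the second quote of the pair
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        String sample = "O'Reilly 100%_x"; // constructed sample value
        String ansi = encode(sample, Mode.ANSI);
        System.out.println("ANSI:     " + ansi);
        System.out.println("STANDARD: " + encode(sample, Mode.STANDARD));
        if (!decodeAnsi(ansi).equals(sample)) throw new AssertionError("round trip failed");
    }
}
```

Doubling quotes is a complete encoding only when the server treats backslash as a literal character (MySQL's NO_BACKSLASH_ESCAPES SQL mode); with backslash escapes active, the backslash has to be encoded as well.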


