[OWASP-ESAPI] MySQL Codec, issue #21

Chris Schmidt chrisisbeef at gmail.com
Fri Dec 4 21:32:22 EST 2009


+1 for me

Sent from my iPwn

On Dec 4, 2009, at 7:19 PM, Jim Manico <jim.manico at owasp.org> wrote:

> Per http://code.google.com/p/owasp-esapi-java/issues/detail?id=21  
> (which I reopened and tagged as a 1.4 and a 2.0 issue):
>
> I'd like to change the MySQL codec so it defaults to ANSI_MODE
>
> which encodes ' to ''
>
> and decodes '' to '
>
> only.
>
> Right now, the MySQL codec defaults to the following, which I think is
> not a very common use case.
>
>    private String encodeCharacterMySQL( Character c ) {
>        char ch = c.charValue();
>        if ( ch == 0x00 ) return "\\0";
>        if ( ch == 0x08 ) return "\\b";
>        if ( ch == 0x09 ) return "\\t";
>        if ( ch == 0x0a ) return "\\n";
>        if ( ch == 0x0d ) return "\\r";
>        if ( ch == 0x1a ) return "\\Z";
>        if ( ch == 0x22 ) return "\\\"";
>        if ( ch == 0x25 ) return "\\%";
>        if ( ch == 0x27 ) return "\\'";
>        if ( ch == 0x5c ) return "\\\\";
>        if ( ch == 0x5f ) return "\\_";
>        return "\\" + c;
>    }
>
> Is this acceptable?
>
> - Jim

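The ANSI-mode behaviour proposed in the quoted message (encode ' to '', decode '' to '), as an added Java example that is not ESAPI's code and not part of the thread. The class and method names are hypothetical, and it assumes the value ends up inside a single-quoted SQL literal on a server that does not treat backslash as an escape character (MySQL's NO_BACKSLASH_ESCAPES SQL mode).

```java
// Added illustration, not ESAPI code: class and method names are hypothetical.
public class AnsiQuoteSketch {

    // Encode as proposed in the thread: ' becomes '', nothing else changes.
    static String encodeAnsi(String input) {
        StringBuilder out = new StringBuilder(input.length() + 8);
        for (int i = 0; i < input.length(); i++) {
            char ch = input.charAt(i);
            if (ch == '\'') {
                out.append("''");
            } else {
                out.append(ch);
            }
        }
        return out.toString();
    }

    // Decode '' back to '. A quote without a partner cannot have come from
    // encodeAnsi, so it is rejected instead of being passed through.
    static String decodeAnsi(String encoded) {
        StringBuilder out = new StringBuilder(encoded.length());
        for (int i = 0; i < encoded.length(); i++) {
            char ch = encoded.charAt(i);
            if (ch != '\'') {
                out.append(ch);
            } else if (i + 1 < encoded.length() && encoded.charAt(i + 1) == '\'') {
                out.append('\'');
                i++; // consume the second quote of the pair
            } else {
                throw new IllegalArgumentException("unpaired quote at index " + i);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample values. In the last one the backslash passes through
        // unchanged (assumption: the server does not treat backslash as an escape).
        String[] samples = { "O'Reilly", "it''s", "'", "no quotes", "a\\'b" };
        for (String s : samples) {
            String enc = encodeAnsi(s);
            boolean roundTrip = decodeAnsi(enc).equals(s);
            System.out.println(s + " -> " + enc + " (round trip: " + roundTrip + ")");
        }
        try {
            decodeAnsi("O'Reilly"); // never encoded: the lone quote is rejected
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```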