[OWASP-ESAPI] MySQL Codec, issue #21

Jeff Ichnowski jeff.ichnowski at owasp.org
Tue Dec 22 01:14:05 EST 2009


A little late, but +1 from me.  I double checked against
http://dev.mysql.com/doc/refman/5.1/en/string-syntax.html if it helps.  The
only wrinkle I see is this thing called "NO_BACKSLASH_ESCAPES"
<http://dev.mysql.com/doc/refman/5.1/en/server-sql-mode.html#sqlmode_no_backslash_escapes>.



On Fri, Dec 4, 2009 at 6:32 PM, Chris Schmidt <chrisisbeef at gmail.com> wrote:

> +1 for me
>
> Sent from my iPwn
>
> On Dec 4, 2009, at 7:19 PM, Jim Manico <jim.manico at owasp.org> wrote:
>
> > Per http://code.google.com/p/owasp-esapi-java/issues/detail?id=21
> > (which I reopened and tagged as a 1.4 and a 2.0 issue):
> >
> > I'd like to change the MySQL codec so it defaults to ANSI_MODE
> >
> > which encodes ' to ''
> >
> > and decodes '' to '
> >
> > only.
> >
> > Right now, the MySQL codec defaults to the following, which I think is
> > not a very common use case.
> >
> >    private String encodeCharacterMySQL( Character c ) {
> >        char ch = c.charValue();
> >        if ( ch == 0x00 ) return "\\0";
> >        if ( ch == 0x08 ) return "\\b";
> >        if ( ch == 0x09 ) return "\\t";
> >        if ( ch == 0x0a ) return "\\n";
> >        if ( ch == 0x0d ) return "\\r";
> >        if ( ch == 0x1a ) return "\\Z";
> >        if ( ch == 0x22 ) return "\\\"";
> >        if ( ch == 0x25 ) return "\\%";
> >        if ( ch == 0x27 ) return "\\'";
> >        if ( ch == 0x5c ) return "\\\\";
> >        if ( ch == 0x5f ) return "\\_";
> >        return "\\" + c;
> >    }
> >
> > Is this acceptable?
> >
> > - Jim
> >
> > _______________________________________________
> > OWASP-ESAPI mailing list
> > OWASP-ESAPI at lists.owasp.org
> > https://lists.owasp.org/mailman/listinfo/owasp-esapi
>
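
The two encodings discussed in this thread, and how each behaves when the server's NO_BACKSLASH_ESCAPES setting does not match the encoder, as an added example that is not part of the original messages and is not ESAPI code. The class and method names are hypothetical, readLiteral() is a simplified model of reading a single-quoted string literal rather than MySQL's lexer, and the sample values are constructed.

```java
public class MySqlQuoteModes {
    // ANSI mode as proposed in the thread: ' -> '' on encode, '' -> ' on decode.
    static String encodeAnsi(String s) { return s.replace("'", "''"); }
    static String decodeAnsi(String s) { return s.replace("''", "'"); }

    // Backslash-style encoding, reduced to the two characters that matter here.
    static String encodeBackslash(String s) {
        return s.replace("\\", "\\\\").replace("'", "\\'");
    }

    /**
     * Simplified model (an assumption, not MySQL's lexer) of reading the body
     * of a single-quoted literal. Returns the decoded value, or null when the
     * body would end the literal early or leave it unterminated.
     */
    static String readLiteral(String body, boolean noBackslashEscapes) {
        StringBuilder out = new StringBuilder();
        for (int i = 0; i < body.length(); i++) {
            char ch = body.charAt(i);
            if (ch == '\\' && !noBackslashEscapes) {
                if (++i == body.length()) return null; // backslash would escape the closing quote
                out.append(body.charAt(i));            // escaped char kept as-is (model skips \n, \t, ...)
            } else if (ch == '\'') {
                if (i + 1 < body.length() && body.charAt(i + 1) == '\'') {
                    out.append('\'');                  // doubled quote is one literal quote
                    i++;
                } else {
                    return null;                       // lone quote ends the literal early
                }
            } else {
                out.append(ch);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        String[] samples = { "O'Brien", "C:\\dir\\" };  // constructed sample values
        for (String v : samples) {
            for (boolean nbe : new boolean[] { false, true }) {
                boolean ansiOk = v.equals(readLiteral(encodeAnsi(v), nbe));
                boolean backslashOk = v.equals(readLiteral(encodeBackslash(v), nbe));
                System.out.printf("%-10s NO_BACKSLASH_ESCAPES=%-5b ansi=%-5b backslash=%b%n",
                        v, nbe, ansiOk, backslashOk);
            }
        }
    }
}
```

The encoder has to match the server's SQL mode: the backslash form only round-trips while backslash escapes are enabled, and quote doubling alone preserves values containing backslashes only when NO_BACKSLASH_ESCAPES is set.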