Marek Szymczak authored
mysql_real_escape_string() function was found insecure when sql_mode was set to NO_BACKSLASH_ESCAPES.

mysql_real_escape_string() function reports error when sql_mode is set to NO_BACKSLASH_ESCAPES. Newly introduced API function mysql_real_escape_string_quote() should be used instead. Additional char type parameter allows to specify, which character should be doubled. Doubled character is a quote character of the identifier or a string within a SQL query.

client/mysql_secure_installation.cc
client/mysqldump.c
client/mysqlimport.c
client/mysqlshow.c
Every occurrence of mysql_real_escape_string() replaced with mysql_real_escape_string_quote().

include/errmsg.h
Insecure API error message code added (CR_INSECURE_API_ERR / 2062).

libmysql/errmsg.cc
Insecure API error message text added.

include/my_sys.h
mysys/charset.c
escape_quotes_for_mysql() extended to support additional parameter (char quote).

include/mysql.h
include/mysql.h.pp
mysql_real_escape_string_quote() function declaration added.

libmysql/CMakeLists.txt
mysql_real_escape_string_quote() function added to the client API set.

libmysql/libmysql.cc
mysql_real_escape_string_quote() function definition added.

libmysql/libmysql.def
libmysqld/libmysqld.def
mysql_real_escape_string_quote() function added to the lib exports.

mysql-test/r/mysqlshow.result
mysql-test/t/mysqlshow.test
MTR test extended to support grave accent (`) table name tests.

sql/sql_initialize.cc
escape_quotes_for_mysql() call replaced with escape_string_for_mysql().

tests/mysql_client_test.c
Tests of the mysql_real_escape_string_quote() function added.
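
The failure mode the commit message describes, as an added example that is not code from the MySQL source tree: a simplified C model of how a quoted literal is scanned when NO_BACKSLASH_ESCAPES is set, applied to a backslash-escaped value and to a quote-doubled one. The helper names `escape_backslash`, `escape_double`, `literal_span_no_backslash` and `contained` are hypothetical, and the input value is a constructed sample.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: backslash-escape the quote and the backslash itself. */
static size_t escape_backslash(char *to, const char *from, char quote) {
    char *p = to;
    for (; *from; from++) {
        if (*from == quote || *from == '\\') *p++ = '\\';
        *p++ = *from;
    }
    *p = '\0';
    return (size_t)(p - to);
}

/* Hypothetical helper: double the quote character, copy everything else. */
static size_t escape_double(char *to, const char *from, char quote) {
    char *p = to;
    for (; *from; from++) {
        if (*from == quote) *p++ = quote;
        *p++ = *from;
    }
    *p = '\0';
    return (size_t)(p - to);
}

/* Simplified model (assumption) of literal scanning under NO_BACKSLASH_ESCAPES:
   '\' is an ordinary byte. Returns the offset at which the literal ends. */
static size_t literal_span_no_backslash(const char *body, char quote) {
    size_t i;
    for (i = 0; body[i]; i++) {
        if (body[i] != quote) continue;
        if (body[i + 1] != quote) return i;   /* lone quote closes the literal */
        i++;                                   /* doubled quote: skip the pair */
    }
    return i;
}

/* 1 if the escaped value stays entirely inside the quoted literal. */
static int contained(const char *escaped, char quote) {
    return literal_span_no_backslash(escaped, quote) == strlen(escaped);
}

int main(void) {
    char a[64], b[64];
    escape_backslash(a, "O'Reilly", '\'');   /* constructed sample value */
    escape_double(b, "O'Reilly", '\'');
    printf("%s contained=%d\n%s contained=%d\n", a, contained(a, '\''), b, contained(b, '\''));
    return 0;
}
```

Passing the grave accent as `quote` applies the same doubling to a backtick-quoted identifier.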