List:MySQL++« Previous MessageNext Message »
From:Kemet Date:May 6 2011 8:46pm
Subject:Re: SSQLS with BINARY column is sometimes not escaped
View as plain text  
Sorry if the post was long and perhaps a bit complicated

> Why do you expect results from the database to be escaped in your 
> program's view of the returned data?  I don't know what the MySQL IPC 
> protocol looks like; there may be some escaping in it, but that's an 
> implementation detail below even MySQL++.  By the time the returned data 
> get transformed into SSQLSes, any such escaping is removed.
>
> The only escaping you should be worrying about is that used to send data 
> *to* the DBMS, and MySQL++ does some escaping for you already.

I do not expect the result from the database to be escaped, and it isn't: 
the fetched element vector[x].prevhash contains the exact binary data from 
the database.
Like you say, the escaping needs to be done when sending data (back) to the 
DBMS, and that is not happening in the second case
(of course not when calling the function, but inside this function when 
building the select query).

To recap in a simpler form:
    1) Get the SSQLS filled with  xxx.prevhash.assign(pointer to binary 
data, length) and then doing:
            q << "SELECT height FROM ChainBlocks WHERE hash=" << 
mysqlpp::quote << xxx.prevhash;

        gets the correct query sent to the database (prevhash is quoted and 
escaped)

    2) Get the SSQLS filled from a select query like:
            q << "SELECT * FROM ChainBlocks WHERE status<1";
            q.storein(some vector y of ChainBlocks);    (vector y gets 
filled correctly with the stored binary data)

        and then doing the exact same SELECT query as above with this vector 
y:
            q << "SELECT height FROM ChainBlocks WHERE hash=" << 
mysqlpp::quote <<< y[i].prevhash;

        doesn't send the correct query: y[i].prevhash only gets quoted, not 
escaped.

So the basic question is: why does the mysqlpp::quote manipulator decides in 
the second case that only quoting is needed ?

Thread
SSQLS with BINARY column is sometimes not escapedKemet5 May
  • Re: SSQLS with BINARY column is sometimes not escapedWarren Young6 May
    • Re: SSQLS with BINARY column is sometimes not escapedKemet6 May
    • Re: SSQLS with BINARY column is sometimes not escapedKemet8 May
      • Re: SSQLS with BINARY column is sometimes not escapedWarren Young8 May
        • SOLVED: SSQLS with BINARY column is only escaped when defined as "NOT NULL"Kemet19 May
          • Re: SOLVED: SSQLS with BINARY column is only escaped when definedas "NOT NULL"Warren Young19 May