[Opensource] Filter bug? mysql escape handler
larry hamel
expresso at codeguild.com
Tue Dec 10 00:16:08 PST 2002
hi,
There is a new escape handler for MySQL, cleverly named MySQLEscapeHandler.java. It replaces a ' with two single quotes, and replaces a \ with two backslashes.
During testing, I ran into problems with one string in particular: {\\}
The only way I could get it to work was by escaping the initial curly brace, so an initial curly brace is escaped with this new handler. I suspect that Filter may be part of the problem, because it is broken for repeated escaped characters. In other words, the following strings are not handled properly in my testing (these are both escaped characters in this handler):
'''''
\\\\\
They receive only a substitution for the first character in each series--Filter ignores the rest.
You can duplicate these results for filtering repeated escape characters with any escape handler. For example, in the latest code (assuming you are using the HSQL database, or any other that uses the standard DoubleQuoteEscapeHandler), go to the user administration page and select any user, and edit their descriptive name, putting three or five single quotes in a row. Save and review, and you'll notice there are fewer quotes there, because the first quote is escaped properly, but the additional quotes aren't.
Can you duplicate?
larry
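
A round-trip check for the behaviour reported above, as an added example that is not part of the original message and is not Expresso's code. The class and method names are hypothetical, and `escapeFirstOfRunOnly` is a constructed model of the symptom (only the first character of a run is doubled), not Filter's actual logic.

```java
// Added illustration; all names here are hypothetical, not Expresso's API.
public class EscapeRoundTrip {

    // Rule from the message: ' -> '' and \ -> \\, applied to EVERY occurrence.
    static String escape(String in) {
        StringBuilder out = new StringBuilder(in.length() + 8);
        for (int i = 0; i < in.length(); i++) {
            char c = in.charAt(i);
            out.append(c);
            if (c == '\'' || c == '\\') out.append(c);
        }
        return out.toString();
    }

    // Constructed model of the symptom: only the first character of each run
    // of identical escapable characters is doubled (an assumption).
    static String escapeFirstOfRunOnly(String in) {
        StringBuilder out = new StringBuilder();
        for (int i = 0; i < in.length(); i++) {
            char c = in.charAt(i);
            out.append(c);
            boolean startsRun = i == 0 || in.charAt(i - 1) != c;
            if ((c == '\'' || c == '\\') && startsRun) out.append(c);
        }
        return out.toString();
    }

    // Undo the two escapes ('' -> ' and \\ -> \) the way a string literal is
    // read back; returns null if an escapable character is left unpaired.
    static String decode(String lit) {
        StringBuilder out = new StringBuilder();
        for (int i = 0; i < lit.length(); i++) {
            char c = lit.charAt(i);
            if (c == '\'' || c == '\\') {
                if (i + 1 >= lit.length() || lit.charAt(i + 1) != c) return null;
                i++; // consume the second half of the pair
            }
            out.append(c);
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // The three strings quoted in the message: {\\}  '''''  \\\\\
        for (String s : new String[] {"{\\\\}", "'''''", "\\\\\\\\\\"}) {
            System.out.println(s + "  full=" + s.equals(decode(escape(s)))
                + "  firstOfRunOnly=" + s.equals(decode(escapeFirstOfRunOnly(s))));
        }
    }
}
```

A stored value that comes back shorter than it went in, or a `null` from `decode`, means the escaped text no longer represents the input; binding values through `java.sql.PreparedStatement` parameters removes the need for hand-written escaping altogether.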