[Pdns-users] PDNS + MySQL results not un-escaped?

Patrick Domack patrickdk at patrickdk.com
Wed Jan 6 18:27:31 UTC 2010


Most people have solved this issue a while ago, but some people never
upgrade or review documentation, so here are the things I would check.

Sounds like this is php, so:
Make sure magic_quotes_gpc is not on in php.ini, or by other means
Make sure the php program isn't using add_slashes
If it is using add_slashes, replace with mysql_real_escape_string


Quoting Michael <pdns at nettrust.co.nz>:

> On Wed, 06 Jan 2010 21:56:08 you wrote:
>> Hi Michael
>>
>> > When I enter a DKIM or Domain Keys record, which requires use of ';', the
>> > records on the secondary name server have this character escaped with
>> > '\', as to be expected.
>> >
>> > As this character has a special meaning in MySQL I would think the simple
>> > answer would be to unescape it prior to returning the RR.
>>
>> This is a common misunderstanding of web developers that escaping in MySQL
>> is done by adding backslashes. Instead, escaping is done by calling
>> mysql_real_escape(), which prepares the string to be safe when storing it
>> to the database but when fetching the string again, it will be the same as
>> before calling mysql_real_escape(). Therefore, if a web application adds
>> backslashes it corrupts the record and this has to be considered as a bug of
>> the web application.
>
> Ok, so is there any downside to adding an unescape to the code and could this
> be done by the programmers?
>
> I didn't write the web based SQL admin... I use the proper MySQL function in
> my own code, but I am not rewriting the web based admin...
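
The round trip discussed in this thread, as an added example that is not part of the original messages and is not PowerDNS or web-admin code: a value passed as a bound parameter comes back unchanged, while a value that was backslash-escaped by the application first is stored with the backslashes in it. It assumes an in-memory SQLite database standing in for MySQL, a hypothetical `records` table, a constructed DKIM value, and a Python emulation of PHP's `addslashes()`.

```python
import sqlite3

# Constructed sample TXT content for a DKIM record (placeholder key material).
DKIM = '"v=DKIM1; k=rsa; p=MIGfMA0EXAMPLE"'

def addslashes(s):
    """Emulation of PHP addslashes(): backslash before ' " \\ and NUL -> \\0."""
    out = []
    for ch in s:
        if ch == "\0":
            out.append("\\0")
        elif ch in "'\"\\":
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def make_db():
    # In-memory SQLite stands in for the MySQL backend; the table and
    # column names are assumptions made for this example.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE records (id INTEGER PRIMARY KEY, "
               "name TEXT, type TEXT, content TEXT)")
    return db

def store(db, name, content):
    # Bound parameters: the driver handles quoting, nothing is added to the data.
    cur = db.execute("INSERT INTO records (name, type, content) "
                     "VALUES (?, 'TXT', ?)", (name, content))
    return cur.lastrowid

def fetch(db, rowid):
    return db.execute("SELECT content FROM records WHERE id = ?",
                      (rowid,)).fetchone()[0]

def suspect_rows(db):
    """Ids of rows whose stored content holds backslash escapes, for manual review."""
    rows = db.execute("SELECT id, content FROM records ORDER BY id").fetchall()
    return [i for i, c in rows if any(p in c for p in ('\\"', "\\'", "\\\\"))]

def demo():
    db = make_db()
    good = store(db, "sel1._domainkey.example.com", DKIM)
    bad = store(db, "sel2._domainkey.example.com", addslashes(DKIM))  # escaped twice
    return fetch(db, good), fetch(db, bad), suspect_rows(db)

if __name__ == "__main__":
    for item in demo():
        print(item)
```

Rows returned by `suspect_rows` are candidates for review rather than automatic rewriting, since a record may contain a backslash on purpose.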





