#195247 - 08/26/07 09:29 AM [Fixed 7.3][7.2] database info query does not escape special characters
blaaskaak

Control panel > database tools > info

/admin/dbinfo.php
 Code:
	SHOW TABLE STATUS LIKE '{$config['TABLE_PREFIX']}%'


This query does not escape special characters, like the underscore.

I have both an ubbtest_ and ubbt_, and if I do a database info on the ubbt_ setup, I also get all ubbtest_ tables. Escaping the underscore with an \ would do the trick.

Not really a biggy I guess :)
_________________________

Top
#195250 - 08/26/07 09:32 AM Re: [7.2] database info query does not escape special characters [Re: blaaskaak]
Rick Administrator

Thanks for the info. Already have 7.2.2 packaged up, but I'll make a note on this to get it fixed for the next release.
_________________________
UBB.threads™ Developer
My Personal Website · StogieSmokers.com

Top
#195435 - 08/27/07 12:43 PM Re: [7.2] database info query does not escape special characters [Re: Rick]
blaaskaak

 Originally Posted By: Rick
Already have 7.2.2 packaged up,


In case you're waiting for my permission, it's ok to put in the members area :)
_________________________

Top
#195436 - 08/27/07 01:04 PM Re: [7.2] database info query does not escape special characters [Re: blaaskaak]
Sirdude Moderator

using LIKE is not the way to go either, because there is no guarantee of _ after each prefix... yes, i always DO use _, but it's not forced upon the admin at setup..

assume there are two db's 'ubbt' and 'ubbtest' (no underscore)..

the like will match both too if the query did "like ubbt%"

best way is to do an equality check on the actual prefix including the length..

ie:

 Code:
SHOW TABLE STATUS WHERE LEFT(Name,LENGTH('{$config['TABLE_PREFIX']}')) = '{$config['TABLE_PREFIX']}'


this should also handle the _ problem you had.. assumes latin1 charset (you may have different) ;)

2c
_________________________


Top
#195437 - 08/27/07 01:11 PM Re: [7.2] database info query does not escape special characters [Re: Sirdude]
blaaskaak

 Originally Posted By: Sirdude
using LIKE is not the way to go either, because there is no guarantee of _ after each prefix... yes, i always DO use _, but it's not forced upon the admin at setup..


I know it's not guaranteed. But doesn't escaping the _ with a \ make sure you test for ubbt_ instead of ubbt? Don't see why like can't do the trick we want.

 Originally Posted By: MrDude
this should also handle the _ problem you had.. ;)


well, it definitely saves adding code to escape the _.
_________________________

Top
#195438 - 08/27/07 01:15 PM Re: [7.2] database info query does not escape special characters [Re: blaaskaak]
Sirdude Moderator

sure it will, if we assume _ is forced.. i will cede that point.

now some poor bastard is gonna leave an _ out and he won't get what he expects..

it only affects that one line, so i was suggesting how to handle all cases..

i would be interested if that query handles the _ for you though.. without escaping the _ .. because i have the exact same setup .. (ubbt_ and ubbtmuhaha_) and it works ...

so all i can see is that we have two diff charsets for the db? or diff version of mysql ? (i have latin1, mysql5) and DON'T have to escape the _ ..

hehe postscript.. a user can still screw themselves if they WANT.. but i wouldn't worry too much about it either.. ie: ubbt_ and ubbt_new_ ;)

so we are splitting hairs to an extent, but i like to go 'geek' every so often :D
_________________________


Top
#195441 - 08/27/07 01:30 PM Re: [7.2] database info query does not escape special characters [Re: Sirdude]
blaaskaak

 Originally Posted By: Sirdude
sure it will, if we assume _ is forced.. i will cede that point.


Don't need to assume that. Just need to escape the _ in the prefix, if it's used. And the % if someone is smart enough to use that.

Gonna test the alternative query now.

Edit: Your alternative is A-okay here also.


Edited by blaaskaak (08/27/07 01:35 PM)
Edit Reason: I tested something, whoohoo!
_________________________

Top
#195442 - 08/27/07 01:36 PM Re: [7.2] database info query does not escape special characters [Re: blaaskaak]
Sirdude Moderator

thanks blaask for trying that. the reason i was wondering is because we use _ everywhere and i don't see why it makes a diff in THIS case..

only thing (and i'd have to look it up) is that 'LIKE' somehow doesn't care about them?

dunno :(
_________________________


Top
#195443 - 08/27/07 01:37 PM Re: [7.2] database info query does not escape special characters [Re: Sirdude]
Sirdude Moderator

lol i just read your reply...

i guess _ and LIKE are causing it.. i'll check mysql manual on that..

mssql doesn't care, i know..
_________________________


Top
#195444 - 08/27/07 01:44 PM Re: [7.2] database info query does not escape special characters [Re: Sirdude]
blaaskaak

 Originally Posted By: Sirdude
i guess _ and LIKE are causing it.. i'll check mysql manual on that..


Don't need to guess, the _ is causing it.

In like, the % is like the * and the _ is like the ?.

Hmm, this made more sense typing it than reading it back :)
_________________________

Top
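
The three behaviours discussed in this thread (raw LIKE, LIKE with the prefix's wildcards escaped, and the LEFT()/LENGTH() equality check), as an added example that is not part of any post and is not UBB.threads code. Assumptions: an in-memory SQLite table stands in for MySQL's table list, `substr()`/`length()` stand in for `LEFT()`/`LENGTH()`, SQLite needs an explicit `ESCAPE` clause where MySQL defaults to backslash, and the table names and function names are constructed for illustration.

```python
import sqlite3

# Constructed table names: two installs (prefixes "ubbt_" and "ubbtest_") in one
# database, plus one table that has no underscore after "ubbt".
TABLES = ["ubbt_POSTS", "ubbt_USERS", "ubbtest_POSTS", "ubbtest_USERS", "ubbtXnew"]


def _names(where, params):
    """Run a WHERE clause over the sample names and return the sorted matches."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE t (name TEXT)")
    conn.executemany("INSERT INTO t VALUES (?)", [(n,) for n in TABLES])
    rows = conn.execute("SELECT name FROM t WHERE " + where, params).fetchall()
    conn.close()
    return sorted(r[0] for r in rows)


def escape_like(prefix, esc="\\"):
    """Escape the escape character first, then the LIKE wildcards % and _."""
    for ch in (esc, "%", "_"):
        prefix = prefix.replace(ch, esc + ch)
    return prefix


def like_unescaped(prefix):
    # Behaviour reported in the thread: "_" in the prefix acts as a wildcard.
    return _names("name LIKE ?", (prefix + "%",))


def like_escaped(prefix):
    # Wildcards in the prefix are literal; only the trailing % is a pattern.
    return _names("name LIKE ? ESCAPE '\\'", (escape_like(prefix) + "%",))


def left_equals(prefix):
    # Equality on the leading characters, as in the LEFT()/LENGTH() query.
    return _names("substr(name, 1, length(?)) = ?", (prefix, prefix))


if __name__ == "__main__":
    for fn in (like_unescaped, like_escaped, left_equals):
        print(fn.__name__, fn("ubbt_"))
```

With the prefix `ubbt` (no trailing underscore), both `like_escaped` and `left_equals` still return all five names, because `ubbtest_...` really does start with `ubbt`.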