OSCommerce Product Manager for Windows
FS#137 - Underscores in the text are escaped with a backslash....
Attached to Project:
OSCommerce Product Manager
Opened by Mario A. Valdez-Ramirez (mvaldez) - Friday, 15 October 2004, 12:46 GMT
Last edited by Mario A. Valdez-Ramirez (mvaldez) - Friday, 15 October 2004, 12:47 GMT
Details
Underscores in any text being passed to SQL strings have their underscores (_) escaped with a backslash.
I can't remember why we did this. The function FNopm_CleanSQLString in dataman.pas escapes backslashes, single quotes and percent symbols. Also, it deletes tabs and backspaces, and also converts double-quotes to double single-quotes, and LF and CR to escaped representations. All this to secure the interface against SQL injection. But I can't remember why we disallowed underscores. Let's re-enable it again.
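An added example, not code from this project or from dataman.pas: in SQL, `_` and `%` act as wildcards only inside a LIKE pattern, so they need escaping only when user text is placed in such a pattern, while ordinary values can be bound as parameters and stored unchanged. The sketch assumes SQLite (Python's built-in `sqlite3`) as a stand-in database; the table, the product names and all function names are constructed for illustration.

```python
import sqlite3

LIKE_ESCAPE = "\\"  # escape character declared in the ESCAPE clause below

def escape_like(term: str) -> str:
    """Escape LIKE wildcards in user text; use only when building a LIKE pattern."""
    out = term.replace(LIKE_ESCAPE, LIKE_ESCAPE * 2)
    return out.replace("%", LIKE_ESCAPE + "%").replace("_", LIKE_ESCAPE + "_")

def build_db() -> sqlite3.Connection:
    """In-memory table filled with constructed product names."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (name TEXT)")
    names = ["usb_cable", "usbXcable", "50% off", "O'Reilly book"]
    # Bound parameters: the stored text is exactly what was supplied,
    # with no backslashes added in front of '_' , '%' or quotes.
    db.executemany("INSERT INTO products (name) VALUES (?)", [(n,) for n in names])
    return db

def stored_names(db: sqlite3.Connection) -> list:
    return [r[0] for r in db.execute("SELECT name FROM products ORDER BY rowid")]

def search_unescaped(db: sqlite3.Connection, term: str) -> list:
    """Substring search where '_' and '%' in the term still act as wildcards."""
    cur = db.execute(
        "SELECT name FROM products WHERE name LIKE ? ORDER BY rowid",
        ("%" + term + "%",))
    return [r[0] for r in cur]

def search_literal(db: sqlite3.Connection, term: str) -> list:
    """Substring search where the term is matched character for character."""
    cur = db.execute(
        "SELECT name FROM products WHERE name LIKE ? ESCAPE '\\' ORDER BY rowid",
        ("%" + escape_like(term) + "%",))
    return [r[0] for r in cur]

if __name__ == "__main__":
    db = build_db()
    print(stored_names(db))                    # names stored unmodified
    print(search_unescaped(db, "usb_cable"))   # '_' matches any character
    print(search_literal(db, "usb_cable"))     # '_' matches only '_'
```
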