OSCommerce Product Manager

OSCommerce Product Manager for Windows

FS#137 - Underscores in the text are escaped with a backslash....

Attached to Project: OSCommerce Product Manager
Opened by Mario A. Valdez-Ramirez (mvaldez) - Friday, 15 October 2004, 07:46 GMT-6
Last edited by Mario A. Valdez-Ramirez (mvaldez) - Friday, 15 October 2004, 07:47 GMT-6
Task Type: Bug Report
Category: Backend / Core
Status: Closed
Assigned To: Mario A. Valdez-Ramirez (mvaldez)
Operating System: All
Severity: Low
Priority: Immediate
Reported Version: any
Due in Version: Undecided
Due Date: Undecided
Percent Complete: 100%
Votes: 0
Private: No

Details

Underscores in any text being passed to SQL strings have their underscores (_) escaped with a backslash.

I can't remember why we did this. The function FNopm_CleanSQLString in dataman.pas escapes backslashes, single quotes and percent symbols. Also, it deletes tabs and backspaces, and also converts double-quotes to double single-quotes, LF and CR to escaped representations. All this to secure the interface against SQL injection.

But I can't remember why we disallowed underscores.

Let's reenable it again.

Closed by  Mario A. Valdez-Ramirez (mvaldez)
Friday, 15 October 2004, 07:47 GMT-6
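
In SQL, `_` and `%` are wildcards only inside a LIKE pattern, so escaping them in every string corrupts stored values while leaving them unescaped in a search term widens the match. The sketch below is an added example, not code from the project or its author: it uses Python's `sqlite3` as a stand-in database, and the `products` table, the sample rows and the `escape_like` helper are all constructed for illustration.

```python
import sqlite3

def escape_like(term, esc="\\"):
    """Escape the LIKE wildcards (% and _) and the escape character itself,
    so that `term` is matched literally. Hypothetical helper name."""
    return (term.replace(esc, esc + esc)
                .replace("%", esc + "%")
                .replace("_", esc + "_"))

def demo():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (model TEXT)")
    # Constructed sample rows.
    names = ["USB_HUB", "USBXHUB", "50%_off"]
    db.executemany("INSERT INTO products VALUES (?)", [(n,) for n in names])

    # 1. Values stored through bound parameters need no wildcard escaping
    #    and round-trip unchanged.
    stored = [r[0] for r in db.execute(
        "SELECT model FROM products ORDER BY rowid")]

    # 2. Wildcard-escaping a value that is *stored* leaves a stray backslash
    #    in the data, which is the symptom this task describes.
    db.execute("INSERT INTO products VALUES (?)", (escape_like("A_B"),))
    corrupted = db.execute(
        "SELECT model FROM products WHERE rowid = 4").fetchone()[0]

    # 3. In a LIKE pattern an unescaped underscore matches any one character.
    loose = [r[0] for r in db.execute(
        "SELECT model FROM products WHERE model LIKE ? ORDER BY rowid",
        ("USB_HUB",))]

    # 4. Escaping belongs here: on the search term, with an ESCAPE clause.
    strict = [r[0] for r in db.execute(
        "SELECT model FROM products WHERE model LIKE ? ESCAPE '\\' "
        "ORDER BY rowid",
        (escape_like("USB_HUB"),))]

    db.close()
    return stored, corrupted, loose, strict

if __name__ == "__main__":
    for label, value in zip(("stored", "corrupted", "loose", "strict"), demo()):
        print(label, value)
```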