Bug Report - Mailing list pgsql-bugs
| From | Branden R. Williams |
|---|---|
| Subject | Bug Report |
| Date | |
| Msg-id | Pine.LNX.4.58.0310071600510.26390@altair.kickinit.net Whole thread Raw |
| Responses |
Re: Bug Report
Re: Bug Report |
| List | pgsql-bugs |
============================================================================
POSTGRESQL BUG REPORT TEMPLATE
============================================================================
Your name : Branden R. Williams
Your email address : brw@brw.net
System Configuration
---------------------
Architecture (example: Intel Pentium) : Intel Pentium
Operating System (example: Linux 2.0.26 ELF) : Linux 2.4.18 ELF
PostgreSQL version (example: PostgreSQL-7.3.4): PostgreSQL-7.3.4
Compiler used (example: gcc 2.95.2) : Your RPM, RH 8.
Please enter a FULL description of your problem:
------------------------------------------------
When using the replace() function, it appears that some of the output is
filtered through a printf variant. If you have legitimate db characters
that are also printf flags, it causes big problems.
Please describe a way to repeat the problem. Please try to provide a
concise reproducible example, if at all possible:
----------------------------------------------------------------------
Place this data inside one field in a db...
/estore/purchase_licenses.asp?numberoflicenses='UNION'&ID=1& =
/estore/purchase_licenses.asp?numberoflicenses='UNION'&ID=1& =
/estore/purchase_licenses.asp?numberoflicenses='&ID=1& =
/estore/purchase_licenses.asp?numberoflicenses='&ID=1& =
/estore/purchase_licenses.asp?numberoflicenses='%22&ID=1& =
/estore/purchase_licenses.asp?numberoflicenses='%22&ID=1& =
/estore/purchase_licenses.asp?numberoflicenses=9%2c+9%2c+9&ID=1& =
/estore/purchase_licenses.asp?numberoflicenses=9%2c+9%2c+9&ID=1& =
/estore/purchase_licenses.asp?numberoflicenses='bad_bad_value&ID=1& =
/estore/purchase_licenses.asp?numberoflicenses='bad_bad_value&ID=1& =
/estore/purchase_licenses.asp?numberoflicenses=bad_bad_value'&ID=1& =
/estore/purchase_licenses.asp?numberoflicenses=bad_bad_value'&ID=1& =
/estore/purchase_licenses.asp?numberoflicenses='+OR+'&ID=1& =
/estore/purchase_licenses.asp?numberoflicenses='+OR+'&ID=1& =
/estore/purchase_licenses.asp?numberoflicenses='WHERE&ID=1& =
/estore/purchase_licenses.asp?numberoflicenses='WHERE&ID=1& =
/estore/purchase_licenses.asp?numberoflicenses=%3B&ID=1& =
/estore/purchase_licenses.asp?numberoflicenses=%3B&ID=1& =
/estore/purchase_licenses.asp?numberoflicenses='OR&ID=1& =
/estore/purchase_licenses.asp?numberoflicenses='OR&ID=1& =
Now pretend that you want to filter out various characters, including the
% because %2c is something that printf uses. In my app, I use printf to
parse data that comes from the database, so I need to fix this.
Doing a nested replace, select the field out using the following
commands...
replace(replace(replace(reportresults.data, chr(92), '\'), chr(37),
'%'), chr(9), '') as data
Look at the results and you will notice the select does not look like it
does if you do not filter at all (or have the replaced characters in there
on some lines).
If you know how this problem might be fixed, list the solution below:
---------------------------------------------------------------------
You will probably have to filter out any % so that printf does not try to
interpret it.
pgsql-bugs by date: