On Fri, 2003-12-05 at 06:28, Avis, Ed wrote:
> Jenda Krynicky <[EMAIL PROTECTED]> wrote:
> 
> >>    die "bad value $foo" if $foo =~ tr/'//;
> >>    $sql = "select * from a where x = '$foo'";
> 
> >>in this particular case you can assume that in SQL only another '
> >>character can terminate a string quoted with '.
> 
> >I'm afraid this depends on the database. I'd expect "\0" to be 
> >problematic to some databases as well.
> 
> Hmm, looks like you're right.  Both Sybase and Oracle choke on NUL in
> the middle of a quoted string.  Unfortunately Sybase also goes wrong
> when you use placeholders!

From the DBD::Sybase code (around line 3560 in dbdimp.c):

          default:
            phs->datafmt.datatype = CS_CHAR_TYPE;
            value = phs->sv_buf;
            value_len = CS_NULLTERM; /*Allow embeded NUL bytes in strings?*/
            /* PR/446: should an empty string cause a NULL, or not? */
            if(*(char*)value == 0) {
                if(imp_dbh->bindEmptyStringNull) {
                    value = NULL;
                    value_len = CS_UNUSED;
                } else {
                    value = " ";
                }
            }
            break;

As you can see the value_len is set to CS_NULLTERM, which tells
Sybase/OpenClient that the string is null-terminated.

As the comment suggests, this is probably/possibly a bug, although it
hasn't come up before as an issue.

Michael
-- 
Michael Peppler                              Data Migrations, Inc.
[EMAIL PROTECTED]                 http://www.mbay.net/~mpeppler
Sybase T-SQL/OpenClient/OpenServer/C/Perl developer available for short or 
long term contract positions - http://www.mbay.net/~mpeppler/resume.html
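
Added example (not part of the original message and not DBD::Sybase code): a small C model of the length handling discussed above, showing how a value bound as NUL-terminated is cut at the first embedded NUL while the application validated the full string, and a bind-time check that passes an explicit length or refuses the value. `DEMO_NULLTERM`, the function names and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical sentinel meaning "buffer is NUL-terminated"; it plays the
 * role CS_NULLTERM plays in the excerpt and is not the real constant. */
#define DEMO_NULLTERM (-1L)

/* Bytes a client library would send for (buf, value_len); actual_len is
 * the true length the caller holds (for example the Perl scalar length). */
size_t bytes_sent(const char *buf, size_t actual_len, long value_len)
{
    if (value_len == DEMO_NULLTERM) {
        const char *nul = memchr(buf, '\0', actual_len);
        return nul ? (size_t)(nul - buf) : actual_len;
    }
    return (size_t)value_len < actual_len ? (size_t)value_len : actual_len;
}

/* Nonzero when the server would see fewer bytes than the application
 * validated, i.e. the two sides disagree about the parameter's value. */
int is_truncated(const char *buf, size_t actual_len, long value_len)
{
    return bytes_sent(buf, actual_len, value_len) != actual_len;
}

/* Bind-time policy: store an explicit length and return 0, or return -1
 * for an embedded NUL when the target type cannot carry one. */
int choose_bind_len(const char *buf, size_t actual_len, int nul_allowed,
                    long *value_len)
{
    if (memchr(buf, '\0', actual_len) != NULL && !nul_allowed)
        return -1;                 /* fail loudly instead of truncating */
    *value_len = (long)actual_len; /* explicit length, never the sentinel */
    return 0;
}

/* Constructed sample: 11 bytes with a NUL after "admin". */
static const char SAMPLE[] = "admin\0guest";
#define SAMPLE_LEN (sizeof SAMPLE - 1)

int main(void)
{
    printf("NUL-terminated bind sends %zu of %zu bytes\n",
           bytes_sent(SAMPLE, SAMPLE_LEN, DEMO_NULLTERM), SAMPLE_LEN);
    return 0;
}
```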
