At Thu, 15 Jan 2004 09:08:44 -0600,
Ray wrote:
>
Thanks for the answer Ray. I am using Oracle 8.1.6. I get the idea of
what you are telling me but I cannot test it now as it is a production
system and I circumvented the problem by eliminating the like clause
in my query. Since the replace of the sql query string happens before
the execution (in xlat module I believe) could it be that the xlat
will try to replace the '%' char even if it is inside a builtin
function?
I will try it in the first chance I get and I will post it to the list
for archiving purposes...
> On Thursday 15 January 2004 04:07, you wrote:
> > Hello to everyone.
> > Can you tell me how can I escape the char '%' to an sql query?
> > I need to execute an sql query like
> >
> > authorize_check_query = "(SELECT rc.ID,es.USERNAME||'@freeRADIUS'
> > USERNAME, rc.ATTRIBUTE ATTRIBUTE, rc.OP OP, rc.VALUE VALUE FROM
> > EPIN_SERIALS es, TMP_RADCHECK rc WHERE ATTRIBUTE NOT LIKE
> > '%Password%' ^^^^^^^^^^^^^^^^^^^^^^^ and es.username =
> > '${sql_user_name2}') UNION (SELECT
> > rc.ID,es.USERNAME||'@freeRADIUS' USERNAME, rc.ATTRIBUTE ATTRIBUTE,
> > rc.OP OP, es.PASSWORD VALUE FROM EPIN_SERIALS es, TMP_RADCHECK rc
> > WHERE ATTRIBUTE LIKE '%Password%' and es.username =
> > '${sql_user_name2}')"
> >
> > but the substitution is not happening right.
> > Sorry if it seems trivial but I am in a panic situation...
>
> i'm not sure with sql server your using, but a guess would be
> like concat('%',replace(password,'%','%%'),'%')
> or
> like '%' & replace(password,'%','%%') & '%'
> but these are both guesses. since i'm not sure which sql server your
> using, its hard to say what built in functions it has or how it
> concatinates strings.
--
Kostas Zorbadelos
Currently at: Otenet IT Department
mailto: [EMAIL PROTECTED]
Out there in the darkness, out there in the night
out there in the starlight, one soul burns brighter
than a thousand suns.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
