Hi, I attempted setting it to a local variable as well.
Result was the same. Thanks so much for your suggestions & guidance. It's really appreciated. On Thu, Apr 10, 2008 at 1:02 PM, <[EMAIL PROTECTED]> wrote: > Hi, > > > > My next query is when I tried to retrieve the CallerId from a Mysql DB > > using the same perl script with, > > > > --------- > > use Mysql; > > : > > : > > $status = $db->Mysql::query("SELECT IF(EXISTS(SELECT callerid FROM > > auth WHERE callerid='$RAD_REQUEST{/'Calling-Station-Id'/}'),'y','n')"); > > your escape characters are wrong > > $RAD_REQUEST{\'Calling-Station-Id\'} > > personally, i would set the value into a local variable and do some > sanity checking to ensure it'll not screw up the SQL... a nasty > person could do something trivial like set their Calling station id > to "'; drop all from users" :-) > > alan > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html