Hi everyone,

We had a few issues in the past with insufficient database escaping, which led to possible SQL injections due to the use of the deprecated functions mysql_escape_string() and PQescapeString(). These functions do not take the encoding of the established connection into account, which can lead to insufficient escaping if the encoding of this connection can be set to certain multibyte character encodings (such as GBK). I found the explanation given in this email[0] quite useful to elaborate on the thread.

In order to prevent this issue, the new functions mysql_real_escape_string()[1] and PQescapeStringConn()[2] have been added, which honour the specific encoding of the connection.

Thanks to Kees, I have prepared a list of packages (below) that are still using the deprecated functions. Apologies for all false positives, I've tried to eliminate as many as possible.

If you find your package in the list below, please have a look at the code and check if you can change to the new functions. You are likely vulnerable to an SQL injection attack if you only rely on the deprecated functions for escaping (or have some self-made escaping for that matter) AND if it is possible to set the client encoding. If other encodings, such as UTF-8, are used, you are not vulnerable, so check that as well, please.

In the near future, I will try to do the archive scan again and file bugs with severity "normal" for the packages below that are still relying on the deprecated functions. (Should they be found vulnerable, the severity will be raised of course).

If you are in doubt about anything or if you found that your package is vulnerable, please contact the security team (team@security.debian.org).

Cheers
Steffen

[0]: http://www.mail-archive.com/pgsql-hackers@postgresql.org/msg71061.html
[1]: http://dev.mysql.com/doc/refman/5.0/es/mysql-real-escape-string.html
[2]: http://www.postgresql.org/docs/8.4/static/libpq-exec.html

ampache: Charlie Smotherman <cjsmo@cableone.net>
./ampache-3.5.1/modules/getid3/extension.cache.mysql.php: $filenam2 = mysql_escape_string($filename);
./ampache-3.5.1/modules/getid3/extension.cache.mysql.php: $res2 = mysql_escape_string(serialize($result));

asterisk-addons: Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>
./asterisk-addons-1.4.7/cdr/cdr_addon_mysql.c: mysql_escape_string(clid, cdr->clid, strlen(cdr->clid));
./asterisk-addons-1.4.7/cdr/cdr_addon_mysql.c: mysql_escape_string(dcontext, cdr->dcontext, strlen(cdr->dcontext));
./asterisk-addons-1.4.7/cdr/cdr_addon_mysql.c: mysql_escape_string(channel, cdr->channel, strlen(cdr->channel));
./asterisk-addons-1.4.7/cdr/cdr_addon_mysql.c: mysql_escape_string(dstchannel, cdr->dstchannel, strlen(cdr->dstchannel));
./asterisk-addons-1.4.7/cdr/cdr_addon_mysql.c: mysql_escape_string(lastapp, cdr->lastapp, strlen(cdr->lastapp));
./asterisk-addons-1.4.7/cdr/cdr_addon_mysql.c: mysql_escape_string(lastdata, cdr->lastdata, strlen(cdr->lastdata));
./asterisk-addons-1.4.7/cdr/cdr_addon_mysql.c: mysql_escape_string(src, cdr->src, strlen(cdr->src));
./asterisk-addons-1.4.7/cdr/cdr_addon_mysql.c: mysql_escape_string(dst, cdr->dst, strlen(cdr->dst));
./asterisk-addons-1.4.7/cdr/cdr_addon_mysql.c: mysql_escape_string(accountcode, cdr->accountcode, strlen(cdr->accountcode));
./asterisk-addons-1.4.7/cdr/cdr_addon_mysql.c: mysql_escape_string(uniqueid, cdr->uniqueid, strlen(cdr->uniqueid));
./asterisk-addons-1.4.7/cdr/cdr_addon_mysql.c: mysql_escape_string(userfielddata, cdr->userfield, strlen(cdr->userfield));

b2evolution: Xavier Luthi <xavier@caroxav.be>
./b2evolution-2.4.7/blogs/inc/_core/model/db/_db.class.php: return mysql_escape_string( $unescaped_string );

boinc: Debian BOINC Maintainers <pkg-boinc-devel@lists.alioth.debian.org>
./boinc-6.4.5+dfsg/html/ops/bbcode_convert_signature.php: $query = "update forum_preferences set signature = '".mysql_escape_string($text)."' where userid=".$forum_preferences->userid;
./boinc-6.4.5+dfsg/html/ops/bbcode_convert.php: $query = "update post set content = '".mysql_escape_string($text)."' where id=".$post->id;
./boinc-6.4.5+dfsg/html/ops/bbcode_convert_response2.php: $query = "update profile set response2 = '".mysql_escape_string($text)."' where userid=".$profile->userid;
./boinc-6.4.5+dfsg/html/ops/bbcode_convert_response1.php: $query = "update profile set response1 = '".mysql_escape_string($text)."' where userid=".$profile->userid;
./boinc-6.4.5+dfsg/html/user/forum_search_action.php: $search_string.=mysql_escape_string($word)."%";
./boinc-6.4.5+dfsg/html/user/forum_search_action.php: $search_string.=mysql_escape_string($word)."%";

bulmages: René Mérou <ochominutosdearco@gmail.com>
./bulmages-0.11.1/bulmages/bulmalib/src/postgresiface2.cpp: PQescapeString ( buffer, cadena.toAscii().constData(), cadena.toAscii().size() );

clisp: Debian Common Lisp Team <pkg-common-lisp-devel@lists.alioth.debian.org>
./clisp-2.44.1/modules/postgresql/postgresql.lisp:(def-call-out PQescapeString (:return-type uint)

cvsnt: Andreas Tscharner <andy@vis.ethz.ch>
./cvsnt-2.5.04.3236/cvsapi/db/mysql/mysql-3.23/mysql.h:unsigned long STDCALL mysql_escape_string(char *to,const char *from, unsigned long from_length);

cyrus-sasl2: Debian Cyrus SASL Team <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org>
./cyrus-sasl2-2.1.23.dfsg1/plugins/sql.c: return mysql_escape_string(to, from, strlen(from));
./cyrus-sasl2-2.1.23.dfsg1/plugins/sql.c: return PQescapeString(to, from, strlen(from));

cyrus-sasl2-heimdal: Debian Cyrus SASL Team <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org>
./cyrus-sasl2-heimdal-2.1.23.dfsg1/plugins/sql.c: return mysql_escape_string(to, from, strlen(from));
./cyrus-sasl2-heimdal-2.1.23.dfsg1/plugins/sql.c: return PQescapeString(to, from, strlen(from));

dsyslog: William Pitcock <nenolod@dereferenced.org>
./dsyslog-0.5.0/www/functions.php: return mysql_escape_string($string);

dtc: Thomas Goirand <thomas@goirand.fr>
./dtc-0.29.17/client/webmoney.php: $q = "SELECT * FROM $pro_mysql_pay_table WHERE id='".mysql_escape_string($_POST['LMI_PAYMENT_NO'])."'";
./dtc-0.29.17/client/webmoney.php: $q = "UPDATE $pro_mysql_pay_table SET paiement_type='$paiement_type',secpay_site='$secpay_site',valid='pending',pending_reason='$reason' WHERE id='".mysql_escape_string($_POST['LMI_PAYMENT_NO'])."'";
./dtc-0.29.17/client/webmoney.php: //setPaiemntAsPending(mysql_escape_string($_POST['LMI_PAYMENT_NO']),mysql_escape_string('Payer: '.$_POST['LMI_PAYER_PURSE'].', wmid'.$_POST['LMI_PAYER_WM']));
./dtc-0.29.17/client/webmoney.php: $q = "SELECT * FROM $pro_mysql_pay_table WHERE id='".mysql_escape_string($_POST['LMI_PAYMENT_NO'])."'";
./dtc-0.29.17/client/webmoney.php: $total = mysql_escape_string($_POST['LMI_PAYMENT_AMOUNT']);
./dtc-0.29.17/client/webmoney.php: secpay_custom_id='$secpay_custom_id',valid='yes' WHERE id='".mysql_escape_string($_POST['LMI_PAYMENT_NO'])."'";
./dtc-0.29.17/client/new_account.php: VALUES ('','". $_REQUEST["adm_login"]."','','example.com','". mysql_escape_string($client["familyname"]) ."','". mysql_escape_string($client["christname"]) ."',
./dtc-0.29.17/client/new_account.php: '". mysql_escape_string($client["company_name"]) ."','". $client["is_company"]."','".$client["email"]."',
./dtc-0.29.17/client/new_account.php: '". mysql_escape_string($client["phone"]) ."','". mysql_escape_string($client["fax"]) ."','". mysql_escape_string($client["addr1"]) ."','". mysql_escape_string($client["addr2"]) ."','". mysql_escape_string($client["addr3"])."',
./dtc-0.29.17/client/new_account.php: '". mysql_escape_string($client["zipcode"]) ."','". mysql_escape_string($client["city"]) ."','". mysql_escape_string($client["state"]) ."','".$client["country"]."',
./dtc-0.29.17/client/new_account.php: '".mysql_escape_string($_REQUEST["custom_notes"])."','". $_REQUEST["vps_location"]."','".$_REQUEST["vps_os"]."',
./dtc-0.29.17/client/new_account.php: '". mysql_escape_string($client["vat_num"]) ."','". $_SERVER["REMOTE_ADDR"]."','".date("Y-m-d")."','".date("H:i:s")."','yes')";
./dtc-0.29.17/client/paypal.php: setPaiemntAsPending(mysql_escape_string($item_number),mysql_escape_string($_REQUEST["pending_reason"]));
./dtc-0.29.17/client/paypal.php: validatePaiement(mysql_escape_string($item_number), $refund_amount,"online","paypal",mysql_escape_string($_REQUEST["txn_id"]),mysql_escape_string($_REQUEST["mc_gross"]));

fpc: Carlos Laviola <claviola@debian.org>
./fpc-2.2.4/fpcsrc/packages/mysql/src/mysql.inc: function mysql_escape_string(fto:Pchar; from:Pchar; from_length:culong):culong;extdecl;external mysqllib name 'mysql_escape_string';
./fpc-2.2.4/fpcsrc/packages/mysql/src/mysql4.pp:function mysql_escape_string(_to:Pchar; from:Pchar; from_length:dword):dword;extdecl;external External_library name 'mysql_escape_string';
./fpc-2.2.4/fpcsrc/packages/mysql/src/mysql3.pp:Function mysql_escape_string(escto,escfrom : pchar; length : Cardinal) : cardinal;extdecl; external mysqllib name 'mysql_escape_string';
./fpc-2.2.4/fpcsrc/packages/postgres/src/postgres3.pp: function PQescapeString(till:Pchar; from:Pchar; length:size_t):size_t;cdecl;external External_library name 'PQescapeString';

freeradius: Stephen Gran <sgran@debian.org>
./freeradius-2.1.0+dfsg/dialup_admin/lib/sql/drivers/mysql/functions.php3: return @mysql_escape_string($string);

gammu: Michal Čihař <nijel@debian.org>
./gammu-1.24.0/smsd/services/pgsql.c: PQescapeString(buffer4, buffer2, strlen(buffer2));
./gammu-1.24.0/smsd/services/pgsql.c: PQescapeString(buffer5, buffer2, strlen(buffer2));
./gammu-1.24.0/smsd/services/pgsql.c: PQescapeString(buffer5, buffer2, strlen(buffer2));

gnugk: Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>
./gnugk-2.2.8/gksql_pgsql.cxx: PQescapeString(escapedStr.GetPointer(numChars*2+1), str, numChars) + 1

hk-classes: Debian QA Group <packages@qa.debian.org>
./hk-classes-0.8.3/hk_mysqlclasses/hk_mysqlcolumn.cpp: if (p_mysqldatasource->dbhandler()) mysql_escape_string(p_asstring,data->data,data->length);
./hk-classes-0.8.3/hk_mysqlclasses/hk_mysqlcolumn.cpp: p_driver_specific_data_size=mysql_escape_string(p_driver_specific_data,s.c_str(),a);
./hk-classes-0.8.3/hk_mysqlclasses/hk_mysqlcolumn.cpp: p_driver_specific_data_size=mysql_escape_string(p_driver_specific_data,b,p_original_new_data_size);

jabberd2: Debian XMPP Maintainers <pkg-xmpp-devel@lists.alioth.debian.org>
./jabberd2-2.2.8/storage/storage_pgsql.c: vlen = PQescapeString(cval, f->val, strlen(f->val));
./jabberd2-2.2.8/storage/storage_pgsql.c: vlen = PQescapeString(cval, (char *) val, strlen((char *) val));
./jabberd2-2.2.8/storage/storage_pgsql.c: vlen = PQescapeString(&cval[3], xml, xlen) + 3;
./jabberd2-2.2.8/storage/authreg_pgsql.c: PQescapeString(euser, iuser, strlen(iuser));
./jabberd2-2.2.8/storage/authreg_pgsql.c: PQescapeString(erealm, irealm, strlen(irealm));
./jabberd2-2.2.8/storage/authreg_pgsql.c: PQescapeString(euser, iuser, strlen(iuser));
./jabberd2-2.2.8/storage/authreg_pgsql.c: PQescapeString(erealm, irealm, strlen(irealm));
./jabberd2-2.2.8/storage/authreg_pgsql.c: PQescapeString(epass, password, strlen(password));
./jabberd2-2.2.8/storage/authreg_pgsql.c: PQescapeString(euser, iuser, strlen(iuser));
./jabberd2-2.2.8/storage/authreg_pgsql.c: PQescapeString(erealm, irealm, strlen(irealm));
./jabberd2-2.2.8/storage/authreg_pgsql.c: PQescapeString(euser, iuser, strlen(iuser));
./jabberd2-2.2.8/storage/authreg_pgsql.c: PQescapeString(erealm, irealm, strlen(irealm));

libdbi-drivers: Thomas Goirand <thomas@goirand.fr>
./libdbi-drivers-0.8.2-1/drivers/mysql/dbd_mysql.c: len = mysql_escape_string(dest+1, orig, strlen(orig));
./libdbi-drivers-0.8.2-1/drivers/pgsql/dbd_pgsql.c: len = PQescapeString(dest+1, orig, strlen(orig));

libgda3: Gustavo R. Montesino <grmontesino@ig.com.br>
./libgda3-3.0.2/providers/postgres/gda-postgres-provider.c: PQescapeString (dest, str, length);

libpgsql-ruby: Dmitry Borodaenko <angdraug@debian.org>
NOTE: Does not offer PQescapeStringConn() in etch

libpqxx3/libpqxx: Eugene V. Lyubimkin <jackyf.devel@gmail.com>
./libpqxx3-3.0.0/configure.ac:AC_MSG_CHECKING([PQescapeString()])
./libpqxx3-3.0.0/configure.ac: [char c[1];PQescapeString(c,"",0x01)],
./libpqxx3-3.0.0/configure.ac: [Define if libpq has PQescapeString()]),
./libpqxx3-3.0.0/configure.ac:You appear to be building with a very old libpq version that does not have PQescapeString(). This can cause serious problems when non-ASCII data is used
./libpqxx3-3.0.0/include/pqxx/config.h.in:/* Define if libpq has PQescapeString() */
./libpqxx3-3.0.0/configure.ac.in:AC_MSG_CHECKING([PQescapeString()])
./libpqxx3-3.0.0/configure.ac.in: [char c[1];PQescapeString(c,"",0x01)],
./libpqxx3-3.0.0/configure.ac.in: [Define if libpq has PQescapeString()]),
./libpqxx3-3.0.0/configure.ac.in:You appear to be building with a very old libpq version that does not have PQescapeString(). This can cause serious problems when non-ASCII data is used
./libpqxx3-3.0.0/src/connection_base.cxx: const size_t bytes = PQescapeString(buf.c_ptr(), str, maxlen);
./libpqxx3-3.0.0/configure:{ echo "$as_me:$LINENO: checking PQescapeString()" >&5
./libpqxx3-3.0.0/configure:echo $ECHO_N "checking PQescapeString()... $ECHO_C" >&6; }
./libpqxx3-3.0.0/configure:char c[1];PQescapeString(c,"",0x01)
./libpqxx3-3.0.0/configure:You appear to be building with a very old libpq version that does not have PQescapeString(). This can cause serious problems when non-ASCII data is used
./libpqxx3-3.0.0/configure:You appear to be building with a very old libpq version that does not have PQescapeString(). This can cause serious problems when non-ASCII data is used

libpreludedb: Mickael Profeta <profeta@debian.org>
./libpreludedb-0.9.15.3/plugins/sql/mysql/mysql.c: rsize = mysql_escape_string((*output) + 1, (const char *) input, input_size);
./libpreludedb-0.9.15.3/plugins/sql/pgsql/pgsql.c: rsize = PQescapeString((*output) + 1, input, input_size);

libyada: Christoph Berg <myon@debian.org>
./libyada-1.0.2/src/yada_pgsql.c: *dlen = PQescapeString(dest, src, slen);

mediawiki: Mediawiki Maintenance Team <pkg-mediawiki-devel@lists.alioth.debian.org>
./mediawiki-1.15.0/maintenance/namespace2sql.php: $nsname = mysql_escape_string( $wgLang->getNsText( $i ) );
./mediawiki-1.15.0/maintenance/namespace2sql.php: $dbname = mysql_escape_string( $wgDBname );

mediawiki-metavidwiki: John Ferlito <johnf@inodes.org>
./mediawiki-metavidwiki-0.2/includes/MV_Index.php: $ftq.=' '.$aon.'"spoken by '.mysql_escape_string($f['v']).'"';
./mediawiki-metavidwiki-0.2/includes/MV_Index.php: $ftq_match.=' '.$aon.'"'.mysql_escape_string($f['v']).'"';
./mediawiki-metavidwiki-0.2/includes/MV_Index.php: $toplq.=' '.$aon.'"category '.mysql_escape_string($f['v']).'" ';
./mediawiki-metavidwiki-0.2/includes/MV_Index.php: //$ftq.=' '.$aon.'category:'.mysql_escape_string($f['v']);
./mediawiki-metavidwiki-0.2/includes/MV_Index.php: $toplq_cat.=" $categoryTable.`cl_to`='".mysql_escape_string($f['v'])."'";
./mediawiki-metavidwiki-0.2/includes/MV_Index.php: . mysql_escape_string($sts) .
./mediawiki-metavidwiki-0.2/includes/MV_Index.php: ' AND `mv_streams`.`date_start_time` < '. mysql_escape_string($ets) .
./mediawiki-metavidwiki-0.2/includes/MV_MetavidInterface/MV_SequenceTools.php: array('`name` LIKE \'%'.mysql_escape_string($val).'%\''),
./mediawiki-metavidwiki-0.2/includes/specials/MV_SpecialMediaSearch.php: '`cl_sortkey` LIKE \'%'.mysql_escape_string($val).'%\' COLLATE latin1_general_ci'),
./mediawiki-metavidwiki-0.2/includes/specials/MV_SpecialMediaSearch.php: '`cl_sortkey` LIKE \'%'.mysql_escape_string($val).'%\' COLLATE latin1_general_ci'),

mit-scheme: Chris Hanson <cph@debian.org>
./mit-scheme-7.7.90+20090107/src/microcode/prpgsql.c: (ulong_to_integer (PQescapeString ((STRING_ARG (2)),

mnogosearch: Debian QA Group <packages@qa.debian.org>
./mnogosearch-3.3.8/src/sql-mysql.c: mysql_escape_string(to, from, len);

moodle: Moodle Packaging Team <moodle-packaging@catalyst.net.nz>
./moodle-1.9.4.dfsg/mod/wiki/ewiki/ewiki.php: $id = "'" . mysql_escape_string($args["id"]) . "'";
./moodle-1.9.4.dfsg/mod/wiki/ewiki/ewiki.php: mysql_query("UPDATE " . EWIKI_DB_TABLE_NAME . " SET hits=(hits+1) WHERE pagename='" . mysql_escape_string($args["id"]) . "'");
./moodle-1.9.4.dfsg/mod/wiki/ewiki/ewiki.php: $sql2 .= $a . "'" . mysql_escape_string($value) . "'";
./moodle-1.9.4.dfsg/mod/wiki/ewiki/ewiki.php: "(pagename='" . mysql_escape_string($id) . "')";
./moodle-1.9.4.dfsg/mod/wiki/ewiki/ewiki.php: " WHERE LOCATE('" . mysql_escape_string($content) . "', LCASE($field)) " .
./moodle-1.9.4.dfsg/mod/wiki/ewiki/ewiki.php: $id = mysql_escape_string($args["id"]);

movabletype-opensource: Dominic Hargreaves <dom@earth.li>
./movabletype-opensource-4.2.6.1/php/extlib/ezsql/ezsql_mysql.php: return mysql_escape_string(stripslashes($str));

mysql-ocaml: Samuel Mimram <smimram@debian.org>
./mysql-ocaml-1.0.4/mysql_stubs.c: esclen = mysql_escape_string(buf,s,len);

neko: Jens Peter Secher <jps@debian.org>
./neko-1.8.1/libs/mysql/my_proto/my_api.c:int mysql_escape_string( MYSQL *m, char *sout, const char *sin, int length ) {
./neko-1.8.1/libs/mysql/my_proto/mysql.h:int mysql_escape_string( MYSQL *m, char *sout, const char *sin, int length );

nepenthes: Luciano Bello <luciano@debian.org>
./nepenthes-0.2.2/modules/sqlhandler-postgres/sqlhandler-postgres.cpp: size = PQescapeString(escaped,str->c_str(),str->size());

netmrg: Uwe Steinmann <steinm@debian.org>
./netmrg-0.20/src/db.cpp: mysql_escape_string(raw_output, input.c_str(), input.length());
./netmrg-0.20/www/lib/database.php: return mysql_escape_string($string);

ocsinventory-server: Pierre Chifflier <pollux@debian.org>
./ocsinventory-server-1.02.1/ocsreports/header.php: $req="SELECT id, accesslvl, passwd FROM operators WHERE id='".mysql_escape_string($_POST["login"])."'";
./ocsinventory-server-1.02.1/ocsreports/download.php: $dlQuery .= "files WHERE name='".mysql_escape_string($_GET["n"])."' AND os='".mysql_escape_string($_GET["o"])."' AND version='".mysql_escape_string($_GET["v"])."'";

onak: Jonathan McDowell <noodles@earth.li>
./onak-0.3.7/keydb_pg.c: PQescapeString(newsearch, search, strlen(search));
./onak-0.3.7/keydb_pg.c: PQescapeString(safeuid, uids[i],

parrot: Debian Parrot Maintainers <pkg-parrot-devel@lists.alioth.debian.org>
./parrot-1.4.0/config/gen/call_list/misc.in:l ttl # unsigned long mysql_escape_string(char *to,const char *from, unsigned long from_length)

parser-mysql: Sergey B Kirpichev <skirpichev@gmail.com>
./parser-mysql-10.1/parser3mysql.C: mysql_escape_string(result, from, length);

pgadmin3: Raphael Enrici <blacknoz@club-internet.fr>
./pgadmin3-1.10.0/pgadmin/utils/tabcomplete.c: PQescapeString(e_text, text, string_length);
./pgadmin3-1.10.0/pgadmin/utils/tabcomplete.c: PQescapeString(e_addon, addon, strlen(addon));

pgpool2: Peter Eisentraut <petere@debian.org>
./pgpool2-2.2.3/pool_query_cache.c: escaped_query_len = PQescapeString(escaped_query, query_cache_info->query, strlen(query_cache_info->query));

pgtcl: Martin Pitt <mpitt@debian.org>
./pgtcl-1.5/generic/pgtclCmds.c: stringSize = PQescapeString (toString+1, fromString, fromStringLen);

php-getid3: Romain Beauxis <toots@rastageeks.org>
./php-getid3-1.7.9/getid3/extension.cache.mysql.php: $filenam2 = mysql_escape_string($filename);
./php-getid3-1.7.9/getid3/extension.cache.mysql.php: $res2 = mysql_escape_string(serialize($result));
./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= ' WHERE (`filename` = "'.mysql_escape_string($from).'")';
./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= ' WHERE (`filename` = "'.mysql_escape_string($filename).'")';
./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= ' WHERE (`filename` = "'.mysql_escape_string($row['filename']).'")';
./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= ' WHERE `filename` LIKE "'.mysql_escape_string($row['filename']).'"';
./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= '`LastModified` = "'.mysql_escape_string(@$ThisFileInfo['file_modified_time']).'", ';
./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= '`md5_file` = "'.mysql_escape_string(@$ThisFileInfo['md5_file']).'", ';
./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= '`md5_data` = "'.mysql_escape_string(@$ThisFileInfo['md5_data']).'", ';
./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= '`md5_data_source` = "'.mysql_escape_string(@$ThisFileInfo['md5_data_source']).'", ';
./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= '`filesize` = "'.mysql_escape_string(@$ThisFileInfo['filesize']).'", ';
./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= '`fileformat` = "'.mysql_escape_string(@$ThisFileInfo['fileformat']).'", '; ./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= '`audio_dataformat` = "'.mysql_escape_string(@$ThisFileInfo['audio']['dataformat']).'", '; ./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= '`video_dataformat` = "'.mysql_escape_string(@$ThisFileInfo['video']['dataformat']).'", '; ./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= '`audio_bitrate` = "'.mysql_escape_string(floatval(@$ThisFileInfo['audio']['bitrate'])).'", '; ./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= '`video_bitrate` = "'.mysql_escape_string(floatval(@$ThisFileInfo['video']['bitrate'])).'", '; ./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= '`playtime_seconds` = "'.mysql_escape_string(floatval(@$ThisFileInfo['playtime_seconds'])).'", '; ./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= '`tags` = "'.mysql_escape_string(@implode("\t", @array_keys(@$ThisFileInfo['tags']))).'", '; ./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= '`artist` = "'.mysql_escape_string(@implode("\t", @$ThisFileInfo['comments']['artist'])).'", '; ./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= '`title` = "'.mysql_escape_string($this_track_title).'", '; ./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= '`remix` = "'.mysql_escape_string($this_track_remix).'", '; ./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= '`album` = "'.mysql_escape_string(@implode("\t", @$ThisFileInfo['comments']['album'])).'", '; ./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= '`genre` = "'.mysql_escape_string(@implode("\t", @$ThisFileInfo['comments']['genre'])).'", '; ./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= '`comment` = "'.mysql_escape_string(@implode("\t", @$ThisFileInfo['comments']['comment'])).'", '; ./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= '`track` = "'.mysql_escape_string($this_track_track).'", '; ./php-getid3-1.7.9/demos/demo.mysql.php: 
$SQLquery .= '`comments_all` = "'.mysql_escape_string(@serialize(@$ThisFileInfo['comments'])).'", '; ./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= '`comments_id3v2` = "'.mysql_escape_string(@serialize(@$ThisFileInfo['tags']['id3v2'])).'", '; ./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= '`comments_ape` = "'.mysql_escape_string(@serialize(@$ThisFileInfo['tags']['ape'])).'", '; ./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= '`comments_lyrics3` = "'.mysql_escape_string(@serialize(@$ThisFileInfo['tags']['lyrics3'])).'", '; ./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= '`comments_id3v1` = "'.mysql_escape_string(@serialize(@$ThisFileInfo['tags']['id3v1'])).'", '; ./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= '`warning` = "'.mysql_escape_string(@implode("\t", @$ThisFileInfo['warning'])).'", '; ./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= '`error` = "'.mysql_escape_string(@implode("\t", @$ThisFileInfo['error'])).'", '; ./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= '`encoder_options` = "'.mysql_escape_string(trim(@$ThisFileInfo['audio']['encoder'].' 
'.@$ThisFileInfo['audio']['encoder_options'])).'", '; ./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= '`vbr_method` = "'.mysql_escape_string(@$ThisFileInfo['mpeg'] ['audio']['VBR_method']).'", '; ./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= '`track_volume` = "'.mysql_escape_string(floatval(@$ThisFileInfo['replay_gain']['track'] ['volume'])).'" '; ./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= 'WHERE (`filename` = "'.mysql_escape_string(@$ThisFileInfo['filenamepath']).'")'; ./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= '"'.mysql_escape_string(@$ThisFileInfo['filenamepath']).'", '; ./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= '"'.mysql_escape_string(@$ThisFileInfo['file_modified_time']).'", '; ./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= '"'.mysql_escape_string(@$ThisFileInfo['md5_file']).'", '; ./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= '"'.mysql_escape_string(@$ThisFileInfo['md5_data']).'", '; ./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= '"'.mysql_escape_string(@$ThisFileInfo['md5_data_source']).'", '; ./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= '"'.mysql_escape_string(@$ThisFileInfo['filesize']).'", '; ./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= '"'.mysql_escape_string(@$ThisFileInfo['fileformat']).'", '; ./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= '"'.mysql_escape_string(@$ThisFileInfo['audio'] ['dataformat']).'", '; ./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= '"'.mysql_escape_string(@$ThisFileInfo['video'] ['dataformat']).'", '; ./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= '"'.mysql_escape_string(floatval(@$ThisFileInfo['audio'] ['bitrate'])).'", '; ./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= '"'.mysql_escape_string(floatval(@$ThisFileInfo['video'] ['bitrate'])).'", '; ./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= '"'.mysql_escape_string(floatval(@$ThisFileInfo['playtime_seconds'])).'", '; ./php-getid3-1.7.9/demos/demo.mysql.php: 
$SQLquery .= '"'.mysql_escape_string(@implode("\t", @array_keys(@$ThisFileInfo['tags']))).'", '; ./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= '"'.mysql_escape_string(@implode("\t", @$ThisFileInfo['comments'] ['artist'])).'", '; ./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= '"'.mysql_escape_string($this_track_title).'", '; ./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= '"'.mysql_escape_string($this_track_remix).'", '; ./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= '"'.mysql_escape_string(@implode("\t", @$ThisFileInfo['comments'] ['album'])).'", '; ./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= '"'.mysql_escape_string(@implode("\t", @$ThisFileInfo['comments'] ['genre'])).'", '; ./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= '"'.mysql_escape_string(@implode("\t", @$ThisFileInfo['comments'] ['comment'])).'", '; ./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= '"'.mysql_escape_string($this_track_track).'", '; ./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= '"'.mysql_escape_string(@serialize(@$ThisFileInfo['comments'])).'", '; ./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= '"'.mysql_escape_string(@serialize(@$ThisFileInfo['tags'] ['id3v2'])).'", '; ./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= '"'.mysql_escape_string(@serialize(@$ThisFileInfo['tags'] ['ape'])).'", '; ./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= '"'.mysql_escape_string(@serialize(@$ThisFileInfo['tags'] ['lyrics3'])).'", '; ./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= '"'.mysql_escape_string(@serialize(@$ThisFileInfo['tags'] ['id3v1'])).'", '; ./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= '"'.mysql_escape_string(@implode("\t", @$ThisFileInfo['warning'])).'", '; ./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= '"'.mysql_escape_string(@implode("\t", @$ThisFileInfo['error'])).'", '; ./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= '"'.mysql_escape_string(trim(@$ThisFileInfo['audio']['encoder'].' 
'.@$ThisFileInfo['audio']['encoder_options'])).'", '; ./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= '"'.mysql_escape_string(!empty($ThisFileInfo['mpeg']['audio'] ['LAME']) ? 'LAME' : @$ThisFileInfo['mpeg']['audio']['VBR_method']).'", '; ./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= '"'.mysql_escape_string(floatval(@$ThisFileInfo['replay_gain'] ['track']['volume'])).'")'; ./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= ' WHERE (`filename` = "'.mysql_escape_string($row['filename']).'")'; ./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= ' WHERE (`filename` = "'.mysql_escape_string($row['filename']).'")'; ./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= ' WHERE `filename` LIKE "'.mysql_escape_string($row['filename']).'"'; ./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= ' WHERE (`filename` = "'.mysql_escape_string($row['filename']).'")'; ./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= ' WHERE (`encoder_options` = "'.mysql_escape_string($_REQUEST['encodedbydistribution']).'")'; ./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= ' WHERE (`encoder_options` LIKE "'.mysql_escape_string($_REQUEST['showtagfiles']).'")'; ./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= ' WHERE (`tags` LIKE "'.mysql_escape_string($_REQUEST['showtagfiles']).'")'; ./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= ' WHERE (`md5_data` = "'.mysql_escape_string($row['md5_data']).'")'; ./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= ' WHERE (`artist` = "'.mysql_escape_string($_REQUEST['m3uartist']).'")'; ./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= ' AND (`title` = "'.mysql_escape_string($_REQUEST['m3utitle']).'")'; ./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= ' WHERE (`artist` = "'.mysql_escape_string($row['artist']).'")'; ./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= ' AND (`title` = "'.mysql_escape_string($row['title']).'")'; ./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= ' AND (`remix` = 
"'.mysql_escape_string($row['remix']).'")'; ./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= ' WHERE (`artist` = "'.mysql_escape_string($row['artist']).'")'; ./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= ' AND (`title` = "'.mysql_escape_string($row['title']).'")'; ./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= ' WHERE (`fileformat` = "'.mysql_escape_string($fileformat).'")'; ./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= ' AND (`audio_dataformat` = "'.mysql_escape_string($audioformat).'")'; ./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= ' WHERE (`genre` LIKE "'.mysql_escape_string($_REQUEST['genredistribution']).'")'; ./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= ' WHERE (`vbr_method` = "'.mysql_escape_string($_REQUEST['vbrmethod']).'")'; ./php-getid3-1.7.9/demos/demo.mp3header.php: return mysql_escape_string($text); phpwiki: Matt Brown <mattb@debian.org> ./phpwiki-1.3.14/lib/pear/DB/mysql.php: return @mysql_escape_string($str); pixelpost: Xavier Luthi <xavier@caroxav.be> ./pixelpost-1.7.1/includes/functions.php: if (version_compare($phpver,"4.3.0")=="-1") $banlist = mysql_escape_string($banlist); ./pixelpost-1.7.1/includes/functions.php: if (version_compare($phpver,"4.3.0")=="-1") $banlist = mysql_escape_string($banlist); ./pixelpost-1.7.1/includes/functions.php: if(version_compare($phpver, "4.3.0")=="-1") $banlist = mysql_escape_string($banlist); ./pixelpost-1.7.1/admin/comments.php: $banlist = mysql_escape_string($banlist); ./pixelpost-1.7.1/admin/comments.php: $banlist = mysql_escape_string($banlist); ./pixelpost-1.7.1/addons/admin_ping.php: if(version_compare(phpversion(),"4.3.0")=="-1") $pinglist = mysql_escape_string($pinglist); postgresql-ocaml: Debian OCaml Maintainers <debian-ocaml- maint@lists.debian.org> ./postgresql-ocaml-1.10.3/lib/postgresql_stubs.c: return Val_int(PQescapeString(String_val(v_to) + Int_val(v_pos_to), String_val(v_from) + Int_val(v_pos_from), Int_val(v_len))); prokyon3: Debian QA Group 
<packages@qa.debian.org>
./prokyon3-0.9.6/sql++/sql_query.cc: mysql_escape_string(s,const_cast<char *>(S.c_str()),S.size());
./prokyon3-0.9.6/sql++/manip.cc: mysql_escape_string(s, const_cast<char *>(in.c_str()), in.size() );
./prokyon3-0.9.6/sql++/manip.cc: mysql_escape_string(s, const_cast<char *>(in.c_str()), in.size() );
./prokyon3-0.9.6/sql++/manip.cc: mysql_escape_string(s, const_cast<char *>(in), size);
./prokyon3-0.9.6/sql++/manip.cc: mysql_escape_string(s, const_cast<char *>(in.c_str()), in.size() );
./prokyon3-0.9.6/sql++/manip.cc: mysql_escape_string(s, const_cast<char *>(in.c_str()), in.size() );
./prokyon3-0.9.6/sql++/manip.cc: mysql_escape_string(s, const_cast<char *>(in.c_str()), in.size() );
./prokyon3-0.9.6/sql++/manip.cc: mysql_escape_string(s, const_cast<char *>(in.c_str()), in.size() );
./prokyon3-0.9.6/sql++/manip.cc: mysql_escape_string(s, const_cast<char *>(in.c_str()), in.size() );
./prokyon3-0.9.6/sql++/manip.cc: mysql_escape_string(s, const_cast<char *>(in.c_str()), in.size() );
./prokyon3-0.9.6/sql++/manip.cc: mysql_escape_string(s, const_cast<char *>(in.c_str()), in.size());
./prokyon3-0.9.6/sql++/manip.cc: mysql_escape_string(s, const_cast<char *>(in), size);
./prokyon3-0.9.6/sql++/manip.cc: mysql_escape_string(s, const_cast<char *>(in.c_str()), in.size() );

psycopg2: Fabio Tranchitella <kobold@debian.org>
./psycopg2-2.0.8/psycopg/adapter_qstring.c: return PQescapeString(to, from, len);

pvpgn: Radu Spineanu <radu@debian.org>
./pvpgn-1.8.1/build-tree/pvpgn-1.8.1/src/bnetd/sql_pgsql.c: PQescapeString(escape, from, len);

pygresql: Matthias Klose <doko@debian.org>
./pygresql-4.0/pgmodule.c: to_length = (int)PQescapeString(to, from, (size_t)from_length);

python-mysqldb: Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>
./python-mysqldb-1.2.2/_mysql.c: len = mysql_escape_string(out, in, size);
./python-mysqldb-1.2.2/_mysql.c: len = mysql_escape_string(out, in, size);
./python-mysqldb-1.2.2/_mysql.c: len = mysql_escape_string(out+1, in, size);
./python-mysqldb-1.2.2/_mysql.c: len = mysql_escape_string(out+1, in, size);
./python-mysqldb-1.2.2/doc/MySQLdb.txt: ``mysql_escape_string()`` ``_mysql.escape_string()``

qt-x11-free: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
./qt-x11-free-3.3.8-b/src/sql/drivers/mysql/qsql_mysql.cpp: /*uint escapedSize =*/ mysql_escape_string( buffer, ba.data(), ba.size() );

ratbox-services: Arnaud Cornet <acornet@debian.org>
./ratbox-services-1.2.1/build-tree/ratbox-services-1.2.1/src/rsdb_pgsql.c: PQescapeString(buf, src, length);

redland: Dave Beckett <dajobe@debian.org>
./redland-1.0.9/src/rdf_storage_postgresql.c: PQescapeString(escaped_name,(const char*)name, strlen(name));
./redland-1.0.9/src/rdf_storage_postgresql.c: PQescapeString(escaped_uri,(const char*)uri, nodelen);
./redland-1.0.9/src/rdf_storage_postgresql.c: PQescapeString(escaped_value, (const char*)value, valuelen);
./redland-1.0.9/src/rdf_storage_postgresql.c: PQescapeString( escaped_lang, (const char*)lang, langlen);
./redland-1.0.9/src/rdf_storage_postgresql.c: PQescapeString( escaped_datatype, (const char*)datatype, datatypelen);
./redland-1.0.9/src/rdf_storage_postgresql.c: PQescapeString(escaped_name,(const char*)name, nodelen);

root-system: Christian Holm Christensen <cholm@nbi.dk>
./root-system-5.18.00/pgsql/src/TPgSQLStatement.cxx: mxsz=PQescapeString (mptr,(char*)mem,sz);

rpm2html: Michal Čihař <nijel@debian.org>
./rpm2html-1.11.0/sql.c: len = mysql_escape_string(end, value, len);
./rpm2html-1.11.0/sql.c: len = mysql_escape_string(end, value, len);
./rpm2html-1.11.0/sql.c: len = mysql_escape_string(end, value, len);
./rpm2html-1.11.0/sql.c: len = mysql_escape_string(end, value, len);
./rpm2html-1.11.0/sql.c: len = mysql_escape_string(end, value, len);
./rpm2html-1.11.0/sql.c: len = mysql_escape_string(end, value, len);

scuttle: Marcelo Jorge Vieira (metal) <metal@alucinados.com>
./scuttle-0.7.4/includes/db/mysqli.php: return mysql_escape_string($msg);
./scuttle-0.7.4/includes/db/mysql.php: return mysql_escape_string($msg);
./scuttle-0.7.4/includes/db/mysql4.php: return mysql_escape_string($msg);

ser: Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>
./ser-2.0.0/modules/mysql/val.c: _s += mysql_escape_string(_s, VAL_STR(_v).s, l);

sitebar: Carlos Eduardo Sotelo Pinto (krlos) <krlos.aqp@gmail.com>
./sitebar-3.3.9/inc/database.inc.php: return mysql_escape_string(str_replace('\\0','\\\\0',$str));

snort: Javier Fernandez-Sanguino Pen~a <jfs@debian.org>
./snort-2.8.4.1/src/win32/WIN32-Includes/mysql/mysql.h:unsigned long STDCALL mysql_escape_string(char *to,const char *from, unsigned long from_length);

spl: Gerfried Fuchs <rhonda@debian.at>
./spl-1.0~pre5/spl_modules/mod_sql_mysql.c: int newtext_len = mysql_escape_string(newtext+1, text, text_len);

sqlrelay: Debian QA Group <packages@qa.debian.org>
./sqlrelay-0.39.4/src/api/mysql/mysql.C:unsigned long mysql_escape_string(char *to, const char *from, unsigned long length);
./sqlrelay-0.39.4/src/api/mysql/mysql.C:unsigned long mysql_escape_string(char *to, const char *from, unsigned long length) {
./sqlrelay-0.39.4/src/api/postgresql/pqescape.C:size_t PQescapeString(char *to, const char *from, size_t length) {
./sqlrelay-0.39.4/test/dropin/postgresql.C: checkSuccess(PQescapeString(to,from,strlen(from)),7);
./sqlrelay-0.39.4/test/dropin/mysql.C: checkSuccess(mysql_escape_string(to,from,15),21);
./sqlrelay-0.39.4/TODO: (mysql_escape_string()/mysql_real_escape_string())

stardict-tools: Jose Carlos Medeiros <debian@psabs.com.br>
./stardict-tools-3.0.1/src/tabfile2sql.cpp: mysql_escape_string(word_buf, word, word_len);
./stardict-tools-3.0.1/src/tabfile2sql.cpp: mysql_escape_string(meaning_buf, meaning, meaning_len);

symfony: Martin Meredith <mez@debian.org>
./symfony-1.0.20/lib/vendor/propel-generator/templates/sql/load/mysql/val.tpl: print "'" . mysql_escape_string($column->getValue()) . "'";
./symfony-1.0.20/lib/vendor/propel-generator/classes/propel/engine/platform/MysqlPlatform.php: return mysql_escape_string($text);

texfam: TSUCHIYA Masatoshi <tsuchiya@namazu.org>
./texfam-1.2.1/build-tree/teTeX-1.0/libs/libwww/HTSQL.c: mysql_escape_string(q, cp, strlen(cp));

typo3-src: Christian Welzel <gawain@camlann.de>
./typo3-src-4.2.6/ChangeLog: * Update for bug #1354: Use mysql_escape_string() with PHP 4.1.x

ulogd: Achilleas Kotsis <achille@kotsis.net>
./ulogd-1.24/mysql/ulogd_MYSQL.c: mysql_escape_string(stmt_ins, tmpstr, strlen(tmpstr));
./ulogd-1.24/mysql/ulogd_MYSQL.c: mysql_escape_string(stmt_ins, res->value.ptr, strlen(res->value.ptr));
./ulogd-1.24/debian/patches/strfix.patch:- mysql_escape_string(stmt_ins, tmpstr, - strlen(tmpstr));
./ulogd-1.24/debian/patches/strfix.patch:+ mysql_escape_string(stmt_ins, tmpstr, + strlen(tmpstr));
./ulogd-1.24/debian/patches/strfix.patch:- mysql_escape_string(stmt_ins, res->value.ptr, - strlen(res->value.ptr));
./ulogd-1.24/debian/patches/strfix.patch:+ mysql_escape_string(stmt_ins, res->value.ptr, + strlen(res->value.ptr));
./ulogd-1.24/debian/patches/strfix.patch:- PQescapeString(stmt_ins,tmpstr,strlen(tmpstr));
./ulogd-1.24/debian/patches/strfix.patch:+ PQescapeString(stmt_ins,tmpstr,strlen(tmpstr));
./ulogd-1.24/debian/patches/strfix.patch:- PQescapeString(stmt_ins,res->value.ptr,strlen(res->value.ptr));
./ulogd-1.24/debian/patches/strfix.patch:+ PQescapeString(stmt_ins,res->value.ptr,strlen(res->value.ptr));
./ulogd-1.24/pgsql/ulogd_PGSQL.c: PQescapeString(stmt_ins,tmpstr,strlen(tmpstr));
./ulogd-1.24/pgsql/ulogd_PGSQL.c: PQescapeString(stmt_ins,res->value.ptr,strlen(res->value.ptr));

w3c-libwww: Richard Atterer <atterer@debian.org>
./w3c-libwww-5.4.0/Library/src/HTSQL.c: mysql_escape_string(q, cp, strlen(cp));

webcalendar: WebCalendar Debian package development <rafael-webcalendar@debian.org>
./webcalendar-1.2.0+dfsg/includes/dbi4php.php: : mysql_escape_string ( $string ) ) );

webissues-server: Patrick Matthäi <pmatthaei@debian.org>
./webissues-server-0.8.4/include/database-mysql.inc.php: return "'" . mysql_escape_string( $arg ) . "'";

wzdftpd: Pierre Chifflier <pollux@debian.org>
./wzdftpd-0.8.3/backends/pgsql/libpgsql_main.c:/** \todo XXX FIXME use PQescapeString() */

xindy: Jörg Sommer <joerg@alea.gnuu.de>
./xindy-2.3/rte/clisp-2.43/modules/postgresql/postgresql.lisp:(def-call-out PQescapeString (:return-type uint)

zoneminder: Peter Howard <pjh@northern-ridge.com.au>
./zoneminder-1.24.1/web/includes/database.php: return( mysql_escape_string( stripslashes( $string ) ) );
./zoneminder-1.24.1/web/includes/database.php: return( mysql_escape_string( $string ) );

zoph: Edelhard Becker <edelhard@debian.org>
./zoph-0.7.5/php/database.inc.php: return mysql_escape_string($str);
./zoph-0.7.5/contrib/zoph-0.3.3.postgres.diff:- return mysql_escape_string($str);
./zoph-0.7.5/contrib/zoph-0.3.3.postgres.diff:+ return mysql_escape_string($str);