Hi everyone

We had a few issues in the past with insufficient database escaping, which led
to possible SQL injections due to the use of the deprecated functions
mysql_escape_string() and PQescapeString().

These functions do not take the encoding of the established connection into
account, which can lead to insufficient escaping if the encoding of this
connection can be set to certain multibyte character encodings (such as GBK).
I found the explanation given in this email[0] quite useful to elaborate on
the thread.

In order to prevent this issue, the new functions mysql_real_escape_string()
[1] and PQescapeStringConn()[2] have been added, which honour the specific
encoding of the connection.

Thanks to Kees, I have prepared a list of packages (below) that are still
using the deprecated functions. Apologies for all false positives; I've tried
to eliminate as many as possible. If you find your package in the list below,
please have a look at the code and check whether you can change to the new
functions.

You are likely vulnerable to an SQL injection attack if you only rely on the
deprecated functions for escaping (or have some self-made escaping for that
matter) AND if it is possible to set the client encoding.
If other encodings, such as UTF-8, are used, you are not vulnerable, so check
that as well, please.

In the near future, I will try to do the archive scan again and file bugs with
severity "normal" for the packages below that are still relying on the
deprecated functions. (Should they be found vulnerable, the severity will be
raised, of course.)

If you are in doubt about anything or if you found that your package is
vulnerable, please contact the security team (team@security.debian.org).

Cheers
Steffen

[0]: http://www.mail-archive.com/pgsql-hackers@postgresql.org/msg71061.html
[1]: http://dev.mysql.com/doc/refman/5.0/es/mysql-real-escape-string.html
[2]: http://www.postgresql.org/docs/8.4/static/libpq-exec.html

ampache: Charlie Smotherman <cjsmo@cableone.net>
./ampache-3.5.1/modules/getid3/extension.cache.mysql.php: $filenam2
= mysql_escape_string($filename);
./ampache-3.5.1/modules/getid3/extension.cache.mysql.php: $res2 =
mysql_escape_string(serialize($result));
asterisk-addons: Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>
./asterisk-addons-1.4.7/cdr/cdr_addon_mysql.c:
mysql_escape_string(clid, cdr->clid, strlen(cdr->clid));
./asterisk-addons-1.4.7/cdr/cdr_addon_mysql.c:
mysql_escape_string(dcontext, cdr->dcontext, strlen(cdr->dcontext));
./asterisk-addons-1.4.7/cdr/cdr_addon_mysql.c:
mysql_escape_string(channel, cdr->channel, strlen(cdr->channel));
./asterisk-addons-1.4.7/cdr/cdr_addon_mysql.c:
mysql_escape_string(dstchannel, cdr->dstchannel, strlen(cdr->dstchannel));
./asterisk-addons-1.4.7/cdr/cdr_addon_mysql.c:
mysql_escape_string(lastapp, cdr->lastapp, strlen(cdr->lastapp));
./asterisk-addons-1.4.7/cdr/cdr_addon_mysql.c:
mysql_escape_string(lastdata, cdr->lastdata, strlen(cdr->lastdata));
./asterisk-addons-1.4.7/cdr/cdr_addon_mysql.c:
mysql_escape_string(src, cdr->src, strlen(cdr->src));
./asterisk-addons-1.4.7/cdr/cdr_addon_mysql.c:
mysql_escape_string(dst, cdr->dst, strlen(cdr->dst));
./asterisk-addons-1.4.7/cdr/cdr_addon_mysql.c:
mysql_escape_string(accountcode, cdr->accountcode, strlen(cdr->accountcode));
./asterisk-addons-1.4.7/cdr/cdr_addon_mysql.c:
mysql_escape_string(uniqueid, cdr->uniqueid, strlen(cdr->uniqueid));
./asterisk-addons-1.4.7/cdr/cdr_addon_mysql.c:
mysql_escape_string(userfielddata, cdr->userfield, strlen(cdr->userfield));
b2evolution: Xavier Luthi <xavier@caroxav.be>
./b2evolution-2.4.7/blogs/inc/_core/model/db/_db.class.php: return
mysql_escape_string( $unescaped_string );
boinc: Debian BOINC Maintainers <pkg-boinc-devel@lists.alioth.debian.org>
./boinc-6.4.5+dfsg/html/ops/bbcode_convert_signature.php: $query =
"update forum_preferences set signature = '".mysql_escape_string($text)."'
where userid=".$forum_preferences->userid;
./boinc-6.4.5+dfsg/html/ops/bbcode_convert.php: $query = "update post
set content = '".mysql_escape_string($text)."' where id=".$post->id;
./boinc-6.4.5+dfsg/html/ops/bbcode_convert_response2.php: $query =
"update profile set response2 = '".mysql_escape_string($text)."' where
userid=".$profile->userid;
./boinc-6.4.5+dfsg/html/ops/bbcode_convert_response1.php: $query =
"update profile set response1 = '".mysql_escape_string($text)."' where
userid=".$profile->userid;
./boinc-6.4.5+dfsg/html/user/forum_search_action.php:
$search_string.=mysql_escape_string($word)."%";
./boinc-6.4.5+dfsg/html/user/forum_search_action.php:
$search_string.=mysql_escape_string($word)."%";
bulmages: René Mérou <ochominutosdearco@gmail.com>
./bulmages-0.11.1/bulmages/bulmalib/src/postgresiface2.cpp: PQescapeString
( buffer, cadena.toAscii().constData(), cadena.toAscii().size() );
clisp: Debian Common Lisp Team <pkg-common-lisp-devel@lists.alioth.debian.org>
./clisp-2.44.1/modules/postgresql/postgresql.lisp:(def-call-out
PQescapeString (:return-type uint)
cvsnt: Andreas Tscharner <andy@vis.ethz.ch>
./cvsnt-2.5.04.3236/cvsapi/db/mysql/mysql-3.23/mysql.h:unsigned long
STDCALL mysql_escape_string(char *to,const char *from, unsigned long
from_length);
cyrus-sasl2: Debian Cyrus SASL Team <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org>
./cyrus-sasl2-2.1.23.dfsg1/plugins/sql.c: return mysql_escape_string(to,
from, strlen(from));
./cyrus-sasl2-2.1.23.dfsg1/plugins/sql.c: return PQescapeString(to, from,
strlen(from));
cyrus-sasl2-heimdal: Debian Cyrus SASL Team <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org>
./cyrus-sasl2-heimdal-2.1.23.dfsg1/plugins/sql.c: return
mysql_escape_string(to, from, strlen(from));
./cyrus-sasl2-heimdal-2.1.23.dfsg1/plugins/sql.c: return
PQescapeString(to, from, strlen(from));
dsyslog: William Pitcock <nenolod@dereferenced.org>
./dsyslog-0.5.0/www/functions.php: return mysql_escape_string($string);
dtc: Thomas Goirand <thomas@goirand.fr>
./dtc-0.29.17/client/webmoney.php: $q = "SELECT * FROM
$pro_mysql_pay_table WHERE
id='".mysql_escape_string($_POST['LMI_PAYMENT_NO'])."'";
./dtc-0.29.17/client/webmoney.php: $q = "UPDATE
$pro_mysql_pay_table SET
paiement_type='$paiement_type',secpay_site='$secpay_site',valid='pending',pending_reason='$reason'
WHERE id='".mysql_escape_string($_POST['LMI_PAYMENT_NO'])."'";
./dtc-0.29.17/client/webmoney.php:
//setPaiemntAsPending(mysql_escape_string($_POST['LMI_PAYMENT_NO']),mysql_escape_string('Payer:
'.$_POST['LMI_PAYER_PURSE'].', wmid'.$_POST['LMI_PAYER_WM']));
./dtc-0.29.17/client/webmoney.php: $q = "SELECT * FROM
$pro_mysql_pay_table WHERE
id='".mysql_escape_string($_POST['LMI_PAYMENT_NO'])."'";
./dtc-0.29.17/client/webmoney.php: $total =
mysql_escape_string($_POST['LMI_PAYMENT_AMOUNT']);
./dtc-0.29.17/client/webmoney.php:
secpay_custom_id='$secpay_custom_id',valid='yes' WHERE
id='".mysql_escape_string($_POST['LMI_PAYMENT_NO'])."'";
./dtc-0.29.17/client/new_account.php: VALUES ('','".
$_REQUEST["adm_login"]."','','example.com','".
mysql_escape_string($client["familyname"]) ."','".
mysql_escape_string($client["christname"]) ."',
./dtc-0.29.17/client/new_account.php: '".
mysql_escape_string($client["company_name"]) ."','".
$client["is_company"]."','".$client["email"]."',
./dtc-0.29.17/client/new_account.php: '".
mysql_escape_string($client["phone"]) ."','".
mysql_escape_string($client["fax"]) ."','".
mysql_escape_string($client["addr1"]) ."','".
mysql_escape_string($client["addr2"]) ."','".
mysql_escape_string($client["addr3"])."',
./dtc-0.29.17/client/new_account.php: '".
mysql_escape_string($client["zipcode"]) ."','".
mysql_escape_string($client["city"]) ."','".
mysql_escape_string($client["state"]) ."','".$client["country"]."',
./dtc-0.29.17/client/new_account.php:
'".mysql_escape_string($_REQUEST["custom_notes"])."','".
$_REQUEST["vps_location"]."','".$_REQUEST["vps_os"]."',
./dtc-0.29.17/client/new_account.php: '".
mysql_escape_string($client["vat_num"]) ."','".
$_SERVER["REMOTE_ADDR"]."','".date("Y-m-d")."','".date("H:i:s")."','yes')";
./dtc-0.29.17/client/paypal.php:
setPaiemntAsPending(mysql_escape_string($item_number),mysql_escape_string($_REQUEST["pending_reason"]));
./dtc-0.29.17/client/paypal.php:
validatePaiement(mysql_escape_string($item_number),
$refund_amount,"online","paypal",mysql_escape_string($_REQUEST["txn_id"]),mysql_escape_string($_REQUEST["mc_gross"]));
fpc: Carlos Laviola <claviola@debian.org>
./fpc-2.2.4/fpcsrc/packages/mysql/src/mysql.inc: function
mysql_escape_string(fto:Pchar; from:Pchar;
from_length:culong):culong;extdecl;external mysqllib name
'mysql_escape_string';
./fpc-2.2.4/fpcsrc/packages/mysql/src/mysql4.pp:function
mysql_escape_string(_to:Pchar; from:Pchar;
from_length:dword):dword;extdecl;external External_library name
'mysql_escape_string';
./fpc-2.2.4/fpcsrc/packages/mysql/src/mysql3.pp:Function
mysql_escape_string(escto,escfrom : pchar; length : Cardinal) :
cardinal;extdecl; external mysqllib name 'mysql_escape_string';
./fpc-2.2.4/fpcsrc/packages/postgres/src/postgres3.pp: function
PQescapeString(till:Pchar; from:Pchar; length:size_t):size_t;cdecl;external
External_library name 'PQescapeString';
freeradius: Stephen Gran <sgran@debian.org>
./freeradius-2.1.0+dfsg/dialup_admin/lib/sql/drivers/mysql/functions.php3:
return @mysql_escape_string($string);
gammu: Michal Čihař <nijel@debian.org>
./gammu-1.24.0/smsd/services/pgsql.c:
PQescapeString(buffer4, buffer2, strlen(buffer2));
./gammu-1.24.0/smsd/services/pgsql.c:
PQescapeString(buffer5, buffer2, strlen(buffer2));
./gammu-1.24.0/smsd/services/pgsql.c: PQescapeString(buffer5,
buffer2, strlen(buffer2));
gnugk: Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>
./gnugk-2.2.8/gksql_pgsql.cxx:
PQescapeString(escapedStr.GetPointer(numChars*2+1), str, numChars) + 1
hk-classes: Debian QA Group <packages@qa.debian.org>
./hk-classes-0.8.3/hk_mysqlclasses/hk_mysqlcolumn.cpp: if
(p_mysqldatasource->dbhandler()) mysql_escape_string(p_asstring,data->data,data->length);
./hk-classes-0.8.3/hk_mysqlclasses/hk_mysqlcolumn.cpp:
p_driver_specific_data_size=mysql_escape_string(p_driver_specific_data,s.c_str(),a);
./hk-classes-0.8.3/hk_mysqlclasses/hk_mysqlcolumn.cpp:
p_driver_specific_data_size=mysql_escape_string(p_driver_specific_data,b,p_original_new_data_size);
jabberd2: Debian XMPP Maintainers <pkg-xmpp-devel@lists.alioth.debian.org>
./jabberd2-2.2.8/storage/storage_pgsql.c: vlen =
PQescapeString(cval, f->val, strlen(f->val));
./jabberd2-2.2.8/storage/storage_pgsql.c: vlen =
PQescapeString(cval, (char *) val, strlen((char *) val));
./jabberd2-2.2.8/storage/storage_pgsql.c: vlen =
PQescapeString(&cval[3], xml, xlen) + 3;
./jabberd2-2.2.8/storage/authreg_pgsql.c: PQescapeString(euser, iuser,
strlen(iuser));
./jabberd2-2.2.8/storage/authreg_pgsql.c: PQescapeString(erealm, irealm,
strlen(irealm));
./jabberd2-2.2.8/storage/authreg_pgsql.c: PQescapeString(euser, iuser,
strlen(iuser));
./jabberd2-2.2.8/storage/authreg_pgsql.c: PQescapeString(erealm, irealm,
strlen(irealm));
./jabberd2-2.2.8/storage/authreg_pgsql.c: PQescapeString(epass, password,
strlen(password));
./jabberd2-2.2.8/storage/authreg_pgsql.c: PQescapeString(euser, iuser,
strlen(iuser));
./jabberd2-2.2.8/storage/authreg_pgsql.c: PQescapeString(erealm, irealm,
strlen(irealm));
./jabberd2-2.2.8/storage/authreg_pgsql.c: PQescapeString(euser, iuser,
strlen(iuser));
./jabberd2-2.2.8/storage/authreg_pgsql.c: PQescapeString(erealm, irealm,
strlen(irealm));
libdbi-drivers: Thomas Goirand <thomas@goirand.fr>
./libdbi-drivers-0.8.2-1/drivers/mysql/dbd_mysql.c: len =
mysql_escape_string(dest+1, orig, strlen(orig));
./libdbi-drivers-0.8.2-1/drivers/pgsql/dbd_pgsql.c: len =
PQescapeString(dest+1, orig, strlen(orig));
libgda3: Gustavo R. Montesino <grmontesino@ig.com.br>
./libgda3-3.0.2/providers/postgres/gda-postgres-provider.c:
PQescapeString (dest, str, length);
libpgsql-ruby: Dmitry Borodaenko <angdraug@debian.org>
NOTE: Does not offer PQescapeStringConn() in etch
libpqxx3/libpqxx: Eugene V. Lyubimkin <jackyf.devel@gmail.com>
./libpqxx3-3.0.0/configure.ac:AC_MSG_CHECKING([PQescapeString()])
./libpqxx3-3.0.0/configure.ac: [char c[1];PQescapeString(c,"",0x01)],
./libpqxx3-3.0.0/configure.ac: [Define if libpq has PQescapeString()]),
./libpqxx3-3.0.0/configure.ac:You appear to be building with a very old libpq
version that does not have
PQescapeString(). This can cause serious problems when non-ASCII data is
used
./libpqxx3-3.0.0/include/pqxx/config.h.in:/* Define if libpq has
PQescapeString() */
./libpqxx3-3.0.0/configure.ac.in:AC_MSG_CHECKING([PQescapeString()])
./libpqxx3-3.0.0/configure.ac.in: [char c[1];PQescapeString(c,"",0x01)],
./libpqxx3-3.0.0/configure.ac.in: [Define if libpq has
PQescapeString()]),
./libpqxx3-3.0.0/configure.ac.in:You appear to be building with a very old
libpq version that does not have
PQescapeString(). This can cause serious problems when non-ASCII data is
used
./libpqxx3-3.0.0/src/connection_base.cxx: const size_t bytes =
PQescapeString(buf.c_ptr(), str, maxlen);
./libpqxx3-3.0.0/configure:{ echo "$as_me:$LINENO: checking PQescapeString()"
>&5
./libpqxx3-3.0.0/configure:echo $ECHO_N "checking PQescapeString()... $ECHO_C"
>&6; }
./libpqxx3-3.0.0/configure:char c[1];PQescapeString(c,"",0x01)
./libpqxx3-3.0.0/configure:You appear to be building with a very old libpq
version that does not have
PQescapeString(). This can cause serious problems when non-ASCII data is
used
./libpqxx3-3.0.0/configure:You appear to be building with a very old libpq
version that does not have
PQescapeString(). This can cause serious problems when non-ASCII data is
used
libpreludedb: Mickael Profeta <profeta@debian.org>
./libpreludedb-0.9.15.3/plugins/sql/mysql/mysql.c: rsize =
mysql_escape_string((*output) + 1, (const char *) input, input_size);
./libpreludedb-0.9.15.3/plugins/sql/pgsql/pgsql.c: rsize =
PQescapeString((*output) + 1, input, input_size);
libyada: Christoph Berg <myon@debian.org>
./libyada-1.0.2/src/yada_pgsql.c: *dlen = PQescapeString(dest, src, slen);
mediawiki: Mediawiki Maintenance Team <pkg-mediawiki-devel@lists.alioth.debian.org>
./mediawiki-1.15.0/maintenance/namespace2sql.php: $nsname =
mysql_escape_string( $wgLang->getNsText( $i ) );
./mediawiki-1.15.0/maintenance/namespace2sql.php: $dbname =
mysql_escape_string( $wgDBname );
mediawiki-metavidwiki: John Ferlito <johnf@inodes.org>
./mediawiki-metavidwiki-0.2/includes/MV_Index.php:
$ftq.=' '.$aon.'"spoken by '.mysql_escape_string($f['v']).'"';
./mediawiki-metavidwiki-0.2/includes/MV_Index.php:
$ftq_match.=' '.$aon.'"'.mysql_escape_string($f['v']).'"';
./mediawiki-metavidwiki-0.2/includes/MV_Index.php:
$toplq.=' '.$aon.'"category '.mysql_escape_string($f['v']).'" ';
./mediawiki-metavidwiki-0.2/includes/MV_Index.php:
//$ftq.=' '.$aon.'category:'.mysql_escape_string($f['v']);
./mediawiki-metavidwiki-0.2/includes/MV_Index.php:
$toplq_cat.=" $categoryTable.`cl_to`='".mysql_escape_string($f['v'])."'";
./mediawiki-metavidwiki-0.2/includes/MV_Index.php:
. mysql_escape_string($sts) .
./mediawiki-metavidwiki-0.2/includes/MV_Index.php:
' AND `mv_streams`.`date_start_time` < '. mysql_escape_string($ets) .
./mediawiki-metavidwiki-0.2/includes/MV_MetavidInterface/MV_SequenceTools.php:
array('`name` LIKE \'%'.mysql_escape_string($val).'%\''),
./mediawiki-metavidwiki-0.2/includes/specials/MV_SpecialMediaSearch.php:
'`cl_sortkey` LIKE \'%'.mysql_escape_string($val).'%\' COLLATE
latin1_general_ci'),
./mediawiki-metavidwiki-0.2/includes/specials/MV_SpecialMediaSearch.php:
'`cl_sortkey` LIKE \'%'.mysql_escape_string($val).'%\' COLLATE
latin1_general_ci'),
mit-scheme: Chris Hanson <cph@debian.org>
./mit-scheme-7.7.90+20090107/src/microcode/prpgsql.c: (ulong_to_integer
(PQescapeString ((STRING_ARG (2)),
mnogosearch: Debian QA Group <packages@qa.debian.org>
./mnogosearch-3.3.8/src/sql-mysql.c: mysql_escape_string(to, from, len);
moodle: Moodle Packaging Team <moodle-packaging@catalyst.net.nz>
./moodle-1.9.4.dfsg/mod/wiki/ewiki/ewiki.php: $id = "'" .
mysql_escape_string($args["id"]) . "'";
./moodle-1.9.4.dfsg/mod/wiki/ewiki/ewiki.php: mysql_query("UPDATE " .
EWIKI_DB_TABLE_NAME . " SET hits=(hits+1) WHERE pagename='" .
mysql_escape_string($args["id"]) . "'");
./moodle-1.9.4.dfsg/mod/wiki/ewiki/ewiki.php: $sql2 .= $a . "'" .
mysql_escape_string($value) . "'";
./moodle-1.9.4.dfsg/mod/wiki/ewiki/ewiki.php:
"(pagename='" . mysql_escape_string($id) . "')";
./moodle-1.9.4.dfsg/mod/wiki/ewiki/ewiki.php: " WHERE LOCATE('" .
mysql_escape_string($content) . "', LCASE($field)) " .
./moodle-1.9.4.dfsg/mod/wiki/ewiki/ewiki.php: $id =
mysql_escape_string($args["id"]);
movabletype-opensource: Dominic Hargreaves <dom@earth.li>
./movabletype-opensource-4.2.6.1/php/extlib/ezsql/ezsql_mysql.php:
return mysql_escape_string(stripslashes($str));
mysql-ocaml: Samuel Mimram <smimram@debian.org>
./mysql-ocaml-1.0.4/mysql_stubs.c: esclen = mysql_escape_string(buf,s,len);
neko: Jens Peter Secher <jps@debian.org>
./neko-1.8.1/libs/mysql/my_proto/my_api.c:int mysql_escape_string( MYSQL *m,
char *sout, const char *sin, int length ) {
./neko-1.8.1/libs/mysql/my_proto/mysql.h:int mysql_escape_string( MYSQL *m,
char *sout, const char *sin, int length );
nepenthes: Luciano Bello <luciano@debian.org>
./nepenthes-0.2.2/modules/sqlhandler-postgres/sqlhandler-postgres.cpp: size =
PQescapeString(escaped,str->c_str(),str->size());
netmrg: Uwe Steinmann <steinm@debian.org>
./netmrg-0.20/src/db.cpp: mysql_escape_string(raw_output, input.c_str(),
input.length());
./netmrg-0.20/www/lib/database.php: return mysql_escape_string($string);
ocsinventory-server: Pierre Chifflier <pollux@debian.org>
./ocsinventory-server-1.02.1/ocsreports/header.php: $req="SELECT
id, accesslvl, passwd FROM operators WHERE
id='".mysql_escape_string($_POST["login"])."'";
./ocsinventory-server-1.02.1/ocsreports/download.php: $dlQuery .=
"files WHERE name='".mysql_escape_string($_GET["n"])."' AND
os='".mysql_escape_string($_GET["o"])."' AND
version='".mysql_escape_string($_GET["v"])."'";
onak: Jonathan McDowell <noodles@earth.li>
./onak-0.3.7/keydb_pg.c: PQescapeString(newsearch, search,
strlen(search));
./onak-0.3.7/keydb_pg.c:
PQescapeString(safeuid, uids[i],
parrot: Debian Parrot Maintainers <pkg-parrot-devel@lists.alioth.debian.org>
./parrot-1.4.0/config/gen/call_list/misc.in:l ttl # unsigned long
mysql_escape_string(char *to,const char *from, unsigned long from_length)
parser-mysql: Sergey B Kirpichev <skirpichev@gmail.com>
./parser-mysql-10.1/parser3mysql.C: mysql_escape_string(result,
from, length);
pgadmin3: Raphael Enrici <blacknoz@club-internet.fr>
./pgadmin3-1.10.0/pgadmin/utils/tabcomplete.c: PQescapeString(e_text, text,
string_length);
./pgadmin3-1.10.0/pgadmin/utils/tabcomplete.c:
PQescapeString(e_addon, addon, strlen(addon));
pgpool2: Peter Eisentraut <petere@debian.org>
./pgpool2-2.2.3/pool_query_cache.c: escaped_query_len =
PQescapeString(escaped_query, query_cache_info->query,
strlen(query_cache_info->query));
pgtcl: Martin Pitt <mpitt@debian.org>
./pgtcl-1.5/generic/pgtclCmds.c: stringSize = PQescapeString
(toString+1, fromString, fromStringLen);
php-getid3: Romain Beauxis <toots@rastageeks.org>
./php-getid3-1.7.9/getid3/extension.cache.mysql.php:
$filenam2 = mysql_escape_string($filename);
./php-getid3-1.7.9/getid3/extension.cache.mysql.php: $res2
= mysql_escape_string(serialize($result));
./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= ' WHERE
(`filename` = "'.mysql_escape_string($from).'")';
./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= ' WHERE
(`filename` = "'.mysql_escape_string($filename).'")';
./php-getid3-1.7.9/demos/demo.mysql.php:
$SQLquery .= ' WHERE (`filename` =
"'.mysql_escape_string($row['filename']).'")';
./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= '
WHERE `filename` LIKE "'.mysql_escape_string($row['filename']).'"';
./php-getid3-1.7.9/demos/demo.mysql.php:
$SQLquery .= '`LastModified` =
"'.mysql_escape_string(@$ThisFileInfo['file_modified_time']).'", ';
./php-getid3-1.7.9/demos/demo.mysql.php:
$SQLquery .= '`md5_file` =
"'.mysql_escape_string(@$ThisFileInfo['md5_file']).'", ';
./php-getid3-1.7.9/demos/demo.mysql.php:
$SQLquery .= '`md5_data` =
"'.mysql_escape_string(@$ThisFileInfo['md5_data']).'", ';
./php-getid3-1.7.9/demos/demo.mysql.php:
$SQLquery .= '`md5_data_source` =
"'.mysql_escape_string(@$ThisFileInfo['md5_data_source']).'", ';
./php-getid3-1.7.9/demos/demo.mysql.php:
$SQLquery .= '`filesize` =
"'.mysql_escape_string(@$ThisFileInfo['filesize']).'", ';
./php-getid3-1.7.9/demos/demo.mysql.php:
$SQLquery .= '`fileformat` =
"'.mysql_escape_string(@$ThisFileInfo['fileformat']).'", ';
./php-getid3-1.7.9/demos/demo.mysql.php:
$SQLquery .= '`audio_dataformat` =
"'.mysql_escape_string(@$ThisFileInfo['audio']['dataformat']).'", ';
./php-getid3-1.7.9/demos/demo.mysql.php:
$SQLquery .= '`video_dataformat` =
"'.mysql_escape_string(@$ThisFileInfo['video']['dataformat']).'", ';
./php-getid3-1.7.9/demos/demo.mysql.php:
$SQLquery .= '`audio_bitrate` =
"'.mysql_escape_string(floatval(@$ThisFileInfo['audio']['bitrate'])).'", ';
./php-getid3-1.7.9/demos/demo.mysql.php:
$SQLquery .= '`video_bitrate` =
"'.mysql_escape_string(floatval(@$ThisFileInfo['video']['bitrate'])).'", ';
./php-getid3-1.7.9/demos/demo.mysql.php:
$SQLquery .= '`playtime_seconds` =
"'.mysql_escape_string(floatval(@$ThisFileInfo['playtime_seconds'])).'", ';
./php-getid3-1.7.9/demos/demo.mysql.php:
$SQLquery .= '`tags` = "'.mysql_escape_string(@implode("\t",
@array_keys(@$ThisFileInfo['tags']))).'", ';
./php-getid3-1.7.9/demos/demo.mysql.php:
$SQLquery .= '`artist` = "'.mysql_escape_string(@implode("\t",
@$ThisFileInfo['comments']['artist'])).'", ';
./php-getid3-1.7.9/demos/demo.mysql.php:
$SQLquery .= '`title` = "'.mysql_escape_string($this_track_title).'", ';
./php-getid3-1.7.9/demos/demo.mysql.php:
$SQLquery .= '`remix` = "'.mysql_escape_string($this_track_remix).'", ';
./php-getid3-1.7.9/demos/demo.mysql.php:
$SQLquery .= '`album` = "'.mysql_escape_string(@implode("\t",
@$ThisFileInfo['comments']['album'])).'", ';
./php-getid3-1.7.9/demos/demo.mysql.php:
$SQLquery .= '`genre` = "'.mysql_escape_string(@implode("\t",
@$ThisFileInfo['comments']['genre'])).'", ';
./php-getid3-1.7.9/demos/demo.mysql.php:
$SQLquery .= '`comment` = "'.mysql_escape_string(@implode("\t",
@$ThisFileInfo['comments']['comment'])).'", ';
./php-getid3-1.7.9/demos/demo.mysql.php:
$SQLquery .= '`track` = "'.mysql_escape_string($this_track_track).'", ';
./php-getid3-1.7.9/demos/demo.mysql.php:
$SQLquery .= '`comments_all` =
"'.mysql_escape_string(@serialize(@$ThisFileInfo['comments'])).'", ';
./php-getid3-1.7.9/demos/demo.mysql.php:
$SQLquery .= '`comments_id3v2` =
"'.mysql_escape_string(@serialize(@$ThisFileInfo['tags']['id3v2'])).'", ';
./php-getid3-1.7.9/demos/demo.mysql.php:
$SQLquery .= '`comments_ape` =
"'.mysql_escape_string(@serialize(@$ThisFileInfo['tags']['ape'])).'", ';
./php-getid3-1.7.9/demos/demo.mysql.php:
$SQLquery .= '`comments_lyrics3` =
"'.mysql_escape_string(@serialize(@$ThisFileInfo['tags']['lyrics3'])).'", ';
./php-getid3-1.7.9/demos/demo.mysql.php:
$SQLquery .= '`comments_id3v1` =
"'.mysql_escape_string(@serialize(@$ThisFileInfo['tags']['id3v1'])).'", ';
./php-getid3-1.7.9/demos/demo.mysql.php:
$SQLquery .= '`warning` = "'.mysql_escape_string(@implode("\t",
@$ThisFileInfo['warning'])).'", ';
./php-getid3-1.7.9/demos/demo.mysql.php:
$SQLquery .= '`error` = "'.mysql_escape_string(@implode("\t",
@$ThisFileInfo['error'])).'", ';
./php-getid3-1.7.9/demos/demo.mysql.php:
$SQLquery .= '`encoder_options` =
"'.mysql_escape_string(trim(@$ThisFileInfo['audio']['encoder'].'
'.@$ThisFileInfo['audio']['encoder_options'])).'", ';
./php-getid3-1.7.9/demos/demo.mysql.php:
$SQLquery .= '`vbr_method` = "'.mysql_escape_string(@$ThisFileInfo['mpeg']
['audio']['VBR_method']).'", ';
./php-getid3-1.7.9/demos/demo.mysql.php:
$SQLquery .= '`track_volume` =
"'.mysql_escape_string(floatval(@$ThisFileInfo['replay_gain']['track']
['volume'])).'" ';
./php-getid3-1.7.9/demos/demo.mysql.php:
$SQLquery .= 'WHERE (`filename` =
"'.mysql_escape_string(@$ThisFileInfo['filenamepath']).'")';
./php-getid3-1.7.9/demos/demo.mysql.php:
$SQLquery .= '"'.mysql_escape_string(@$ThisFileInfo['filenamepath']).'", ';
./php-getid3-1.7.9/demos/demo.mysql.php:
$SQLquery .= '"'.mysql_escape_string(@$ThisFileInfo['file_modified_time']).'",
';
./php-getid3-1.7.9/demos/demo.mysql.php:
$SQLquery .= '"'.mysql_escape_string(@$ThisFileInfo['md5_file']).'", ';
./php-getid3-1.7.9/demos/demo.mysql.php:
$SQLquery .= '"'.mysql_escape_string(@$ThisFileInfo['md5_data']).'", ';
./php-getid3-1.7.9/demos/demo.mysql.php:
$SQLquery .= '"'.mysql_escape_string(@$ThisFileInfo['md5_data_source']).'", ';
./php-getid3-1.7.9/demos/demo.mysql.php:
$SQLquery .= '"'.mysql_escape_string(@$ThisFileInfo['filesize']).'", ';
./php-getid3-1.7.9/demos/demo.mysql.php:
$SQLquery .= '"'.mysql_escape_string(@$ThisFileInfo['fileformat']).'", ';
./php-getid3-1.7.9/demos/demo.mysql.php:
$SQLquery .= '"'.mysql_escape_string(@$ThisFileInfo['audio']
['dataformat']).'", ';
./php-getid3-1.7.9/demos/demo.mysql.php:
$SQLquery .= '"'.mysql_escape_string(@$ThisFileInfo['video']
['dataformat']).'", ';
./php-getid3-1.7.9/demos/demo.mysql.php:
$SQLquery .= '"'.mysql_escape_string(floatval(@$ThisFileInfo['audio']
['bitrate'])).'", ';
./php-getid3-1.7.9/demos/demo.mysql.php:
$SQLquery .= '"'.mysql_escape_string(floatval(@$ThisFileInfo['video']
['bitrate'])).'", ';
./php-getid3-1.7.9/demos/demo.mysql.php:
$SQLquery .=
'"'.mysql_escape_string(floatval(@$ThisFileInfo['playtime_seconds'])).'", ';
./php-getid3-1.7.9/demos/demo.mysql.php:
$SQLquery .= '"'.mysql_escape_string(@implode("\t",
@array_keys(@$ThisFileInfo['tags']))).'", ';
./php-getid3-1.7.9/demos/demo.mysql.php:
$SQLquery .= '"'.mysql_escape_string(@implode("\t", @$ThisFileInfo['comments']
['artist'])).'", ';
./php-getid3-1.7.9/demos/demo.mysql.php:
$SQLquery .= '"'.mysql_escape_string($this_track_title).'", ';
./php-getid3-1.7.9/demos/demo.mysql.php:
$SQLquery .= '"'.mysql_escape_string($this_track_remix).'", ';
./php-getid3-1.7.9/demos/demo.mysql.php:
$SQLquery .= '"'.mysql_escape_string(@implode("\t", @$ThisFileInfo['comments']
['album'])).'", ';
./php-getid3-1.7.9/demos/demo.mysql.php:
$SQLquery .= '"'.mysql_escape_string(@implode("\t", @$ThisFileInfo['comments']
['genre'])).'", ';
./php-getid3-1.7.9/demos/demo.mysql.php:
$SQLquery .= '"'.mysql_escape_string(@implode("\t", @$ThisFileInfo['comments']
['comment'])).'", ';
./php-getid3-1.7.9/demos/demo.mysql.php:
$SQLquery .= '"'.mysql_escape_string($this_track_track).'", ';
./php-getid3-1.7.9/demos/demo.mysql.php:
$SQLquery .=
'"'.mysql_escape_string(@serialize(@$ThisFileInfo['comments'])).'", ';
./php-getid3-1.7.9/demos/demo.mysql.php:
$SQLquery .= '"'.mysql_escape_string(@serialize(@$ThisFileInfo['tags']
['id3v2'])).'", ';
./php-getid3-1.7.9/demos/demo.mysql.php:
$SQLquery .= '"'.mysql_escape_string(@serialize(@$ThisFileInfo['tags']
['ape'])).'", ';
./php-getid3-1.7.9/demos/demo.mysql.php:
$SQLquery .= '"'.mysql_escape_string(@serialize(@$ThisFileInfo['tags']
['lyrics3'])).'", ';
./php-getid3-1.7.9/demos/demo.mysql.php:
$SQLquery .= '"'.mysql_escape_string(@serialize(@$ThisFileInfo['tags']
['id3v1'])).'", ';
./php-getid3-1.7.9/demos/demo.mysql.php:
$SQLquery .= '"'.mysql_escape_string(@implode("\t",
@$ThisFileInfo['warning'])).'", ';
./php-getid3-1.7.9/demos/demo.mysql.php:
$SQLquery .= '"'.mysql_escape_string(@implode("\t",
@$ThisFileInfo['error'])).'", ';
./php-getid3-1.7.9/demos/demo.mysql.php:
$SQLquery .= '"'.mysql_escape_string(trim(@$ThisFileInfo['audio']['encoder'].'
'.@$ThisFileInfo['audio']['encoder_options'])).'", ';
./php-getid3-1.7.9/demos/demo.mysql.php:
$SQLquery .= '"'.mysql_escape_string(!empty($ThisFileInfo['mpeg']['audio']
['LAME']) ? 'LAME' : @$ThisFileInfo['mpeg']['audio']['VBR_method']).'", ';
./php-getid3-1.7.9/demos/demo.mysql.php:
$SQLquery .= '"'.mysql_escape_string(floatval(@$ThisFileInfo['replay_gain']
['track']['volume'])).'")';
./php-getid3-1.7.9/demos/demo.mysql.php:
$SQLquery .= ' WHERE (`filename` =
"'.mysql_escape_string($row['filename']).'")';
./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= '
WHERE (`filename` = "'.mysql_escape_string($row['filename']).'")';
./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= ' WHERE
`filename` LIKE "'.mysql_escape_string($row['filename']).'"';
./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= '
WHERE (`filename` = "'.mysql_escape_string($row['filename']).'")';
./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= ' WHERE
(`encoder_options` =
"'.mysql_escape_string($_REQUEST['encodedbydistribution']).'")';
./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= ' WHERE
(`encoder_options` LIKE "'.mysql_escape_string($_REQUEST['showtagfiles']).'")';
./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= ' WHERE
(`tags` LIKE "'.mysql_escape_string($_REQUEST['showtagfiles']).'")';
./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= ' WHERE
(`md5_data` = "'.mysql_escape_string($row['md5_data']).'")';
./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= ' WHERE
(`artist` = "'.mysql_escape_string($_REQUEST['m3uartist']).'")';
./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= ' AND
(`title` = "'.mysql_escape_string($_REQUEST['m3utitle']).'")';
./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= '
WHERE (`artist` = "'.mysql_escape_string($row['artist']).'")';
./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= '
AND (`title` = "'.mysql_escape_string($row['title']).'")';
./php-getid3-1.7.9/demos/demo.mysql.php:
$SQLquery .= ' AND (`remix` = "'.mysql_escape_string($row['remix']).'")';
./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= '
WHERE (`artist` = "'.mysql_escape_string($row['artist']).'")';
./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= '
AND (`title` = "'.mysql_escape_string($row['title']).'")';
./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= ' WHERE
(`fileformat` = "'.mysql_escape_string($fileformat).'")';
./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= ' AND
(`audio_dataformat` = "'.mysql_escape_string($audioformat).'")';
./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= '
WHERE (`genre` LIKE
"'.mysql_escape_string($_REQUEST['genredistribution']).'")';
./php-getid3-1.7.9/demos/demo.mysql.php: $SQLquery .= ' WHERE
(`vbr_method` = "'.mysql_escape_string($_REQUEST['vbrmethod']).'")';
./php-getid3-1.7.9/demos/demo.mp3header.php: return
mysql_escape_string($text);
phpwiki: Matt Brown <mattb@debian.org>
./phpwiki-1.3.14/lib/pear/DB/mysql.php: return
@mysql_escape_string($str);
pixelpost: Xavier Luthi <xavier@caroxav.be>
./pixelpost-1.7.1/includes/functions.php: if
(version_compare($phpver,"4.3.0")=="-1") $banlist =
mysql_escape_string($banlist);
./pixelpost-1.7.1/includes/functions.php: if
(version_compare($phpver,"4.3.0")=="-1") $banlist =
mysql_escape_string($banlist);
./pixelpost-1.7.1/includes/functions.php:
if(version_compare($phpver, "4.3.0")=="-1") $banlist =
mysql_escape_string($banlist);
./pixelpost-1.7.1/admin/comments.php: $banlist =
mysql_escape_string($banlist);
./pixelpost-1.7.1/admin/comments.php: $banlist =
mysql_escape_string($banlist);
./pixelpost-1.7.1/addons/admin_ping.php:
if(version_compare(phpversion(),"4.3.0")=="-1") $pinglist =
mysql_escape_string($pinglist);
postgresql-ocaml: Debian OCaml Maintainers <debian-ocaml-maint@lists.debian.org>
./postgresql-ocaml-1.10.3/lib/postgresql_stubs.c: return
Val_int(PQescapeString(String_val(v_to) + Int_val(v_pos_to),
String_val(v_from) + Int_val(v_pos_from),
Int_val(v_len)));
prokyon3: Debian QA Group <packages@qa.debian.org>
./prokyon3-0.9.6/sql++/sql_query.cc:
mysql_escape_string(s,const_cast<char *>(S.c_str()),S.size());
./prokyon3-0.9.6/sql++/manip.cc: mysql_escape_string(s,
const_cast<char *>(in.c_str()), in.size() );
./prokyon3-0.9.6/sql++/manip.cc: mysql_escape_string(s, const_cast<char
*>(in.c_str()), in.size() );
./prokyon3-0.9.6/sql++/manip.cc: mysql_escape_string(s, const_cast<char
*>(in), size);
./prokyon3-0.9.6/sql++/manip.cc: mysql_escape_string(s,
const_cast<char *>(in.c_str()), in.size() );
./prokyon3-0.9.6/sql++/manip.cc: mysql_escape_string(s,
const_cast<char *>(in.c_str()), in.size() );
./prokyon3-0.9.6/sql++/manip.cc: mysql_escape_string(s,
const_cast<char *>(in.c_str()), in.size() );
./prokyon3-0.9.6/sql++/manip.cc: mysql_escape_string(s,
const_cast<char *>(in.c_str()), in.size() );
./prokyon3-0.9.6/sql++/manip.cc: mysql_escape_string(s,
const_cast<char *>(in.c_str()), in.size() );
./prokyon3-0.9.6/sql++/manip.cc: mysql_escape_string(s,
const_cast<char *>(in.c_str()), in.size() );
./prokyon3-0.9.6/sql++/manip.cc: mysql_escape_string(s, const_cast<char
*>(in.c_str()), in.size());
./prokyon3-0.9.6/sql++/manip.cc: mysql_escape_string(s, const_cast<char
*>(in), size);
./prokyon3-0.9.6/sql++/manip.cc: mysql_escape_string(s, const_cast<char
*>(in.c_str()), in.size() );
psycopg2: Fabio Tranchitella <kobold@debian.org>
./psycopg2-2.0.8/psycopg/adapter_qstring.c: return PQescapeString(to,
from, len);
pvpgn: Radu Spineanu <radu@debian.org>
./pvpgn-1.8.1/build-tree/pvpgn-1.8.1/src/bnetd/sql_pgsql.c:
PQescapeString(escape, from, len);
pygresql: Matthias Klose <doko@debian.org>
./pygresql-4.0/pgmodule.c: to_length = (int)PQescapeString(to, from,
(size_t)from_length);
python-mysqldb: Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>
./python-mysqldb-1.2.2/_mysql.c: len = mysql_escape_string(out, in,
size);
./python-mysqldb-1.2.2/_mysql.c: len = mysql_escape_string(out,
in, size);
./python-mysqldb-1.2.2/_mysql.c: len = mysql_escape_string(out+1, in,
size);
./python-mysqldb-1.2.2/_mysql.c: len =
mysql_escape_string(out+1, in, size);
./python-mysqldb-1.2.2/doc/MySQLdb.txt: ``mysql_escape_string()``
``_mysql.escape_string()``
qt-x11-free: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
./qt-x11-free-3.3.8-b/src/sql/drivers/mysql/qsql_mysql.cpp: /*uint
escapedSize =*/ mysql_escape_string( buffer, ba.data(), ba.size() );
ratbox-services: Arnaud Cornet <acornet@debian.org>
./ratbox-services-1.2.1/build-tree/ratbox-services-1.2.1/src/rsdb_pgsql.c:
PQescapeString(buf, src, length);
redland: Dave Beckett <dajobe@debian.org>
./redland-1.0.9/src/rdf_storage_postgresql.c:
PQescapeString(escaped_name,(const char*)name, strlen(name));
./redland-1.0.9/src/rdf_storage_postgresql.c:
PQescapeString(escaped_uri,(const char*)uri, nodelen);
./redland-1.0.9/src/rdf_storage_postgresql.c:
PQescapeString(escaped_value, (const char*)value, valuelen);
./redland-1.0.9/src/rdf_storage_postgresql.c: PQescapeString(
escaped_lang, (const char*)lang, langlen);
./redland-1.0.9/src/rdf_storage_postgresql.c: PQescapeString(
escaped_datatype, (const char*)datatype, datatypelen);
./redland-1.0.9/src/rdf_storage_postgresql.c:
PQescapeString(escaped_name,(const char*)name, nodelen);
root-system: Christian Holm Christensen <cholm@nbi.dk>
./root-system-5.18.00/pgsql/src/TPgSQLStatement.cxx: mxsz=PQescapeString
(mptr,(char*)mem,sz);
rpm2html: Michal Čihař <nijel@debian.org>
./rpm2html-1.11.0/sql.c: len = mysql_escape_string(end, value, len);
./rpm2html-1.11.0/sql.c: len = mysql_escape_string(end, value, len);
./rpm2html-1.11.0/sql.c: len = mysql_escape_string(end, value, len);
./rpm2html-1.11.0/sql.c: len = mysql_escape_string(end, value,
len);
./rpm2html-1.11.0/sql.c: len = mysql_escape_string(end, value, len);
./rpm2html-1.11.0/sql.c: len = mysql_escape_string(end, value, len);
scuttle: Marcelo Jorge Vieira (metal) <metal@alucinados.com>
./scuttle-0.7.4/includes/db/mysqli.php: return
mysql_escape_string($msg);
./scuttle-0.7.4/includes/db/mysql.php: return
mysql_escape_string($msg);
./scuttle-0.7.4/includes/db/mysql4.php: return
mysql_escape_string($msg);
ser: Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>
./ser-2.0.0/modules/mysql/val.c: _s +=
mysql_escape_string(_s, VAL_STR(_v).s, l);
sitebar: Carlos Eduardo Sotelo Pinto (krlos) <krlos.aqp@gmail.com>
./sitebar-3.3.9/inc/database.inc.php: return
mysql_escape_string(str_replace('\\0','\\\\0',$str));
snort: Javier Fernandez-Sanguino Pen~a <jfs@debian.org>
./snort-2.8.4.1/src/win32/WIN32-Includes/mysql/mysql.h:unsigned long
STDCALL mysql_escape_string(char *to,const char *from,
unsigned long from_length);
spl: Gerfried Fuchs <rhonda@debian.at>
./spl-1.0~pre5/spl_modules/mod_sql_mysql.c: int newtext_len =
mysql_escape_string(newtext+1, text, text_len);
sqlrelay: Debian QA Group <packages@qa.debian.org>
./sqlrelay-0.39.4/src/api/mysql/mysql.C:unsigned long
mysql_escape_string(char *to, const char *from,
unsigned long length);
./sqlrelay-0.39.4/src/api/mysql/mysql.C:unsigned long
mysql_escape_string(char *to, const char *from,
unsigned long length) {
./sqlrelay-0.39.4/src/api/postgresql/pqescape.C:size_t PQescapeString(char
*to, const char *from, size_t length) {
./sqlrelay-0.39.4/test/dropin/postgresql.C:
checkSuccess(PQescapeString(to,from,strlen(from)),7);
./sqlrelay-0.39.4/test/dropin/mysql.C:
checkSuccess(mysql_escape_string(to,from,15),21);
./sqlrelay-0.39.4/TODO:
(mysql_escape_string()/mysql_real_escape_string())
stardict-tools: Jose Carlos Medeiros <debian@psabs.com.br>
./stardict-tools-3.0.1/src/tabfile2sql.cpp: mysql_escape_string(word_buf,
word, word_len);
./stardict-tools-3.0.1/src/tabfile2sql.cpp:
mysql_escape_string(meaning_buf, meaning, meaning_len);
symfony: Martin Meredith <mez@debian.org>
./symfony-1.0.20/lib/vendor/propel-generator/templates/sql/load/mysql/val.tpl: print "'" .
mysql_escape_string($column->getValue()) . "'";
./symfony-1.0.20/lib/vendor/propel-generator/classes/propel/engine/platform/MysqlPlatform.php: return
mysql_escape_string($text);
texfam: TSUCHIYA Masatoshi <tsuchiya@namazu.org>
./texfam-1.2.1/build-tree/teTeX-1.0/libs/libwww/HTSQL.c:
mysql_escape_string(q, cp, strlen(cp));
typo3-src: Christian Welzel <gawain@camlann.de>
./typo3-src-4.2.6/ChangeLog: * Update for bug #1354: Use
mysql_escape_string() with PHP 4.1.x
ulogd: Achilleas Kotsis <achille@kotsis.net>
./ulogd-1.24/mysql/ulogd_MYSQL.c:
mysql_escape_string(stmt_ins, tmpstr,
strlen(tmpstr));
./ulogd-1.24/mysql/ulogd_MYSQL.c:
mysql_escape_string(stmt_ins, res->value.ptr,
strlen(res->value.ptr));
./ulogd-1.24/debian/patches/strfix.patch:-
mysql_escape_string(stmt_ins, tmpstr,
- strlen(tmpstr));
./ulogd-1.24/debian/patches/strfix.patch:+
mysql_escape_string(stmt_ins, tmpstr,
+ strlen(tmpstr));
./ulogd-1.24/debian/patches/strfix.patch:-
mysql_escape_string(stmt_ins, res->value.ptr,
- strlen(res->value.ptr));
./ulogd-1.24/debian/patches/strfix.patch:+
mysql_escape_string(stmt_ins, res->value.ptr,
+ strlen(res->value.ptr));
./ulogd-1.24/debian/patches/strfix.patch:-
PQescapeString(stmt_ins,tmpstr,strlen(tmpstr));
./ulogd-1.24/debian/patches/strfix.patch:+
PQescapeString(stmt_ins,tmpstr,strlen(tmpstr));
./ulogd-1.24/debian/patches/strfix.patch:-
PQescapeString(stmt_ins,res->value.ptr,strlen(res->value.ptr));
./ulogd-1.24/debian/patches/strfix.patch:+
PQescapeString(stmt_ins,res->value.ptr,strlen(res->value.ptr));
./ulogd-1.24/pgsql/ulogd_PGSQL.c:
PQescapeString(stmt_ins,tmpstr,strlen(tmpstr));
./ulogd-1.24/pgsql/ulogd_PGSQL.c:
PQescapeString(stmt_ins,res->value.ptr,strlen(res->value.ptr));
w3c-libwww: Richard Atterer <atterer@debian.org>
./w3c-libwww-5.4.0/Library/src/HTSQL.c:
mysql_escape_string(q, cp, strlen(cp));
webcalendar: WebCalendar Debian package development <rafael-webcalendar@debian.org>
./webcalendar-1.2.0+dfsg/includes/dbi4php.php: : mysql_escape_string
( $string ) ) );
webissues-server: Patrick Matthäi <pmatthaei@debian.org>
./webissues-server-0.8.4/include/database-mysql.inc.php: return
"'" . mysql_escape_string( $arg ) . "'";
wzdftpd: Pierre Chifflier <pollux@debian.org>
./wzdftpd-0.8.3/backends/pgsql/libpgsql_main.c:/** \todo XXX FIXME use
PQescapeString() */
xindy: Jörg Sommer <joerg@alea.gnuu.de>
./xindy-2.3/rte/clisp-2.43/modules/postgresql/postgresql.lisp:(def-call-out
PQescapeString (:return-type uint)
zoneminder: Peter Howard <pjh@northern-ridge.com.au>
./zoneminder-1.24.1/web/includes/database.php: return(
mysql_escape_string( stripslashes( $string ) ) );
./zoneminder-1.24.1/web/includes/database.php: return(
mysql_escape_string( $string ) );
zoph: Edelhard Becker <edelhard@debian.org>
./zoph-0.7.5/php/database.inc.php: return mysql_escape_string($str);
./zoph-0.7.5/contrib/zoph-0.3.3.postgres.diff:- return
mysql_escape_string($str);
./zoph-0.7.5/contrib/zoph-0.3.3.postgres.diff:+ return
mysql_escape_string($str);