Updating SQL DB from within a routing script

gimso
2013-01-07
2013-05-09
  • gimso
    2013-01-07

    Hello,

    I've set up an OpenSIPS server and am trying to get the following functionality:
    1. Remotely add a row to a database (similar to the alias database)
    2. When an INVITE is received perform some functionality using alias_db module on that database
    3. Remove the row found from the database.

    #2 is completed and working perfectly :)
    My first question is regarding #3 - How can I delete from an SQL DB (or perform any arbitrary SQL commands on any DB) ?

    My second question is regarding #1 - Right now I'm accessing the alias DB using MySQL remote management interface. I was wondering if it's dangerous, what happens if I try to update the DB while OpenSIPS is reading from it? Is there a safer way to manipulate SQL DBs used by OpenSIPS while it's running?

    Thanks,
    Nir.

     
  • gimso
    2013-01-08

    Hi again (feels kinda stupid replying to myself).

    I figured out how to manipulate SQL from within the routing script. I'm using avp_db_query - it's not pretty but it works.

    I'm left with my other question - is it safe to directly manipulate an SQL DB used by OpenSIPS, or is there a safer way to do it?

    Thanks,
    Nir.

     
  • Hi Nir,

    There is nothing wrong in doing DB ops from script, just be sure (1) to be efficient and (2) to be secure - secure means here to take care of SQL injection - be careful what kind of data from the SIP package you are using in your DB queries and use the escaping transformation to avoid injection.

    Regards,
    Bogdan

     
  • gimso
    2013-01-08

    Hi Bogdan,

    Thanks for your reply. Is there some module to help me prevent injections, or do I need to write anti-injection functions using regexp myself?

    Also, what about doing DB ops from OUTSIDE the script (meaning I connect directly to the SQL DB from a remote machine, and change values) while OpenSIPS is running. Is this safe?

    Thanks,
    Nir.

     
  • You need to be sure when building the query (in script) - see http://www.opensips.org/Resources/DocsCoreTran18#toc9 . Of course, this makes sense only if you are using (in your queries) data from the SIP message, data that may contain ' or " .

    Regards,
    Bogdan
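
The row removal from step 3, written with avp_db_query and the escaping transformation mentioned in the replies. This is an added example, not code from the thread or from the OpenSIPS project. The connection string, the route name, the use of $rU/$rd as the lookup key and the allow-list pattern are assumptions; dbaliases and its alias_username/alias_domain columns are the stock alias_db table.

```cfg
# Constructed example, OpenSIPS 1.8 script syntax.
loadmodule "db_mysql.so"
loadmodule "sl.so"
loadmodule "avpops.so"

# Assumed connection string; use an account limited to the alias table.
modparam("avpops", "db_url", "mysql://opensips:CHANGEME@localhost/opensips")

# Hypothetical route, called after alias_db_lookup() has matched the row.
route[remove_alias] {
    # UNSAFE pattern, left commented out for contrast: the user part of the
    # Request-URI is sender-controlled, and here it would be pasted into the
    # SQL text unchanged, so a quote character in it ends the string literal.
    # avp_db_query("DELETE FROM dbaliases WHERE alias_username='$rU'");

    # Defense in depth (assumed policy): refuse user parts containing anything
    # outside the characters this deployment expects in an alias.
    if ($rU !~ "^[0-9A-Za-z+._-]+$") {
        sl_send_reply("400", "Bad Request");
        exit;
    }

    # SAFER: every value taken from the SIP message goes through the
    # {s.escape.common} transformation before it reaches the query, so quote
    # characters arrive escaped and stay inside the string literal.
    avp_db_query("DELETE FROM dbaliases WHERE alias_username='$(rU{s.escape.common})' AND alias_domain='$(rd{s.escape.common})'");
}
```

The same transformation applies to any other message-derived pseudo-variable placed in a query, such as the From user or a header value.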