Menu
▾
▴
[Pam-mysql-general] Username escaping problem
|
From: Julien E. <pan...@az...> - 2005-09-13 09:08:51
|
Hello, I'm trying to auth users based on their domain name. In my database, domains are separated in two fields, one for domain and one for tld. So I use this for username : usercolumn=CONCAT(domaines.domaine,'.',domaines.tld) But mysql_escape_string() replace the ' by \' so the request made to MySQL ins't correct : cat /var/log/auth.log Sep 13 09:41:55 ron login[10400]: pam_mysql - SELECT 1, pass FROM domaines WHERE CONCAT(domaines.domaine,\'.\',domaines.tld) Sep 13 09:41:55 ron login[10400]: pam_mysql - MySQL error (You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '\'.\',domaines.tld) = 'asylog'' at line 1) I tried to comment the lines calling mysql_escape_string() in pam_mysql_quick_escape() but I have a seg fault (probably due to the lack of \0 at end of the char). How may I do this ? Thanks, Julien Escario |
