Bug Report

From: "Branden R(dot) Williams" <brw(at)brw(dot)net>
To: pgsql-bugs(at)postgresql(dot)org
Subject: Bug Report
Date: 2003-10-07 21:12:57
Message-ID: Pine.LNX.4.58.0310071600510.26390@altair.kickinit.net
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-bugs

============================================================================
POSTGRESQL BUG REPORT TEMPLATE
============================================================================
Your name : Branden R. Williams
Your email address : brw(at)brw(dot)net
System Configuration
---------------------
Architecture (example: Intel Pentium) : Intel Pentium
Operating System (example: Linux 2.0.26 ELF) : Linux 2.4.18 ELF
PostgreSQL version (example: PostgreSQL-7.3.4): PostgreSQL-7.3.4
Compiler used (example: gcc 2.95.2) : Your RPM, RH 8.
Please enter a FULL description of your problem:
------------------------------------------------
When using the replace() function, it appears that some of the output is
filtered through a printf variant. If you have legitimate db characters
that are also printf flags, it causes big problems.

Please describe a way to repeat the problem. Please try to provide a
concise reproducible example, if at all possible:
----------------------------------------------------------------------
Place this data inside one field in a db...

/estore/purchase_licenses.asp?numberoflicenses='UNION'&ID=1& =
/estore/purchase_licenses.asp?numberoflicenses='UNION'&ID=1& =
/estore/purchase_licenses.asp?numberoflicenses='&ID=1& =
/estore/purchase_licenses.asp?numberoflicenses='&ID=1& =
/estore/purchase_licenses.asp?numberoflicenses='%22&ID=1& =
/estore/purchase_licenses.asp?numberoflicenses='%22&ID=1& =
/estore/purchase_licenses.asp?numberoflicenses=9%2c+9%2c+9&ID=1& =
/estore/purchase_licenses.asp?numberoflicenses=9%2c+9%2c+9&ID=1& =
/estore/purchase_licenses.asp?numberoflicenses='bad_bad_value&ID=1& =
/estore/purchase_licenses.asp?numberoflicenses='bad_bad_value&ID=1& =
/estore/purchase_licenses.asp?numberoflicenses=bad_bad_value'&ID=1& =
/estore/purchase_licenses.asp?numberoflicenses=bad_bad_value'&ID=1& =
/estore/purchase_licenses.asp?numberoflicenses='+OR+'&ID=1& =
/estore/purchase_licenses.asp?numberoflicenses='+OR+'&ID=1& =
/estore/purchase_licenses.asp?numberoflicenses='WHERE&ID=1& =
/estore/purchase_licenses.asp?numberoflicenses='WHERE&ID=1& =
/estore/purchase_licenses.asp?numberoflicenses=%3B&ID=1& =
/estore/purchase_licenses.asp?numberoflicenses=%3B&ID=1& =
/estore/purchase_licenses.asp?numberoflicenses='OR&ID=1& =
/estore/purchase_licenses.asp?numberoflicenses='OR&ID=1& =

Now pretend that you want to filter out various characters, including the
% because %2c is something that printf uses. In my app, I use printf to
parse data that comes from the database, so I need to fix this.

Doing a nested replace, select the field out using the following
commands...

replace(replace(replace(reportresults.data, chr(92), '&#92;'), chr(37),
'&#37;'), chr(9), '') as data

Look at the results and you will notice the select does not look like it
does if you do not filter at all (or have the replaced characters in there
on some lines).

If you know how this problem might be fixed, list the solution below:
---------------------------------------------------------------------
You will probably have to filter out any % so that printf does not try to
interpret it.

Responses

Browse pgsql-bugs by date

  From Date Subject
Next Message ljb 2003-10-08 01:41:10 Re: 7.4beta4: make check broken?
Previous Message Stephan Szabo 2003-10-07 18:23:44 Re: Odd Foreign Key Bug