[BUGS] Bug Report

Wed, 08 Oct 2003 09:18:37 -0700 

============================================================================
                        POSTGRESQL BUG REPORT TEMPLATE
============================================================================
Your name               : Branden R. Williams
Your email address      : [EMAIL PROTECTED]
System Configuration
---------------------
  Architecture (example: Intel Pentium)         : Intel Pentium
  Operating System (example: Linux 2.0.26 ELF)  : Linux 2.4.18 ELF
  PostgreSQL version (example: PostgreSQL-7.3.4):   PostgreSQL-7.3.4
  Compiler used (example:  gcc 2.95.2)          : Your RPM, RH 8.
Please enter a FULL description of your problem:
------------------------------------------------
When using the replace() function, it appears that some of the output is
filtered through a printf variant.  If you have legitimate db characters
that are also printf flags, it causes big problems.


Please describe a way to repeat the problem.   Please try to provide a
concise reproducible example, if at all possible:
----------------------------------------------------------------------
Place this data inside one field in a db...

/estore/purchase_licenses.asp?numberoflicenses='UNION'&ID=1&      =
/estore/purchase_licenses.asp?numberoflicenses='UNION'&ID=1&      =
/estore/purchase_licenses.asp?numberoflicenses='&ID=1&      =
/estore/purchase_licenses.asp?numberoflicenses='&ID=1&      =
/estore/purchase_licenses.asp?numberoflicenses='%22&ID=1&      =
/estore/purchase_licenses.asp?numberoflicenses='%22&ID=1&      =
/estore/purchase_licenses.asp?numberoflicenses=9%2c+9%2c+9&ID=1&      =
/estore/purchase_licenses.asp?numberoflicenses=9%2c+9%2c+9&ID=1&      =
/estore/purchase_licenses.asp?numberoflicenses='bad_bad_value&ID=1&      =
/estore/purchase_licenses.asp?numberoflicenses='bad_bad_value&ID=1&      =
/estore/purchase_licenses.asp?numberoflicenses=bad_bad_value'&ID=1&      =
/estore/purchase_licenses.asp?numberoflicenses=bad_bad_value'&ID=1&      =
/estore/purchase_licenses.asp?numberoflicenses='+OR+'&ID=1&      =
/estore/purchase_licenses.asp?numberoflicenses='+OR+'&ID=1&      =
/estore/purchase_licenses.asp?numberoflicenses='WHERE&ID=1&      =
/estore/purchase_licenses.asp?numberoflicenses='WHERE&ID=1&      =
/estore/purchase_licenses.asp?numberoflicenses=%3B&ID=1&      =
/estore/purchase_licenses.asp?numberoflicenses=%3B&ID=1&      =
/estore/purchase_licenses.asp?numberoflicenses='OR&ID=1&      =
/estore/purchase_licenses.asp?numberoflicenses='OR&ID=1&      =

Now pretend that you want to filter out various characters, including the
% because %2c is something that printf uses.  In my app, I use printf to
parse data that comes from the database, so I need to fix this.

Doing a nested replace, select the field out using the following
commands...

replace(replace(replace(reportresults.data, chr(92), '\'), chr(37),
'%'), chr(9), '') as data

Look at the results and you will notice the select does not look like it
does if you do not filter at all (or have the replaced characters in there
on some lines).

If you know how this problem might be fixed, list the solution below:
---------------------------------------------------------------------
You will probably have to filter out any % so that printf does not try to
interpret it.


---------------------------(end of broadcast)---------------------------
TIP 1: subscribe and unsubscribe commands go to [EMAIL PROTECTED]

Reply via email to