sybperl-l Archive
From: "Avis, Ed" <avised at kbcfp dot com>
Subject: RE: Intresting case of SQL Injection
Date: Dec 5 2003 4:05PM
If DBD::Sybase wants to use NUL-terminated strings it should certainly
produce a warning (or even an exception) when you try to bind a string
with embedded NUL to a placeholder; silently truncating the string is
not good.
(My feeling is that if at all possible strings should go through
untouched, NULs and all. But if you do want to truncate them, at
least do so noisily.)
--
Ed Avis
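
An added example, not part of the original message and not DBD::Sybase code: a caller-side guard that refuses bind values with an embedded NUL instead of letting them be cut short. The helper names (c_string_view, assert_no_embedded_nul, checked_execute) are hypothetical; the only DBI call assumed is the standard $sth->execute(@bind_values).

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Carp qw(croak);

# What a NUL-terminated consumer keeps of a Perl string: everything
# before the first "\0" (unpack 'Z*' stops at the first NUL).
sub c_string_view {
    my ($value) = @_;
    return unpack('Z*', $value);
}

# Hypothetical guard: fail loudly, naming the placeholder position and
# the offset of the NUL, rather than passing on a value that would be
# silently shortened.
sub assert_no_embedded_nul {
    my (@bind_values) = @_;
    for my $i (0 .. $#bind_values) {
        my $value = $bind_values[$i];
        next unless defined $value;      # undef binds as SQL NULL, not NUL
        my $offset = index($value, "\0");
        next if $offset < 0;
        croak sprintf(
            'bind value %d has NUL at offset %d; a C-string view keeps %d of %d chars',
            $i + 1, $offset, length(c_string_view($value)), length($value));
    }
    return 1;
}

# Hypothetical wrapper: validate first, then hand over to DBI unchanged.
sub checked_execute {
    my ($sth, @bind_values) = @_;
    assert_no_embedded_nul(@bind_values);
    return $sth->execute(@bind_values);
}

# Constructed sample values; no database connection is needed to run this.
for my $value ("plain text", "visible\0dropped tail") {
    if (eval { assert_no_embedded_nul($value) }) {
        print "accepted: $value\n";
    } else {
        print "rejected: $@";
    }
}
```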