Re: Pavel Raiskup 2016-04-14 <2358560.7dzo2vKd9I@nb.usersys.redhat.com>
> Hi, fyi, I keep getting...
Hi,
I'm getting exactly the same diff on Debian unstable.
Do we simply have to update expected/param-conversions{,_1}.out or is
there a bug in the (testing?) code?
> + cat ./regression.diffs
> *** ./expected/param-conversions.out Sat Apr 9 14:19:08 2016
> --- results/param-conversions.out Thu Apr 14 15:44:56 2016
> ***************
> *** 72,83 ****
>
> Testing "SELECT 1.3 > ?" with SQL_C_CHAR -> SQL_FLOAT param "3', 'injected, BAD!', '1"...
> SQLExecDirect failed
> ! 22P02=ERROR: invalid input syntax for type double precision: "3', 'injected, BAD!', '1";
> Error while executing the query
>
> Testing "SELECT 1.4 > ?" with SQL_C_CHAR -> SQL_FLOAT param "4 \'bad', '1"...
> SQLExecDirect failed
> ! 22P02=ERROR: invalid input syntax for type double precision: "4 \'bad', '1";
> Error while executing the query
>
> Testing "SELECT 1-?" with SQL_C_CHAR -> SQL_INTEGER param "-1"...
> --- 72,83 ----
>
> Testing "SELECT 1.3 > ?" with SQL_C_CHAR -> SQL_FLOAT param "3', 'injected, BAD!', '1"...
> SQLExecDirect failed
> ! 22P02=ERROR: invalid input syntax for type numeric: "3', 'injected, BAD!', '1";
> Error while executing the query
>
> Testing "SELECT 1.4 > ?" with SQL_C_CHAR -> SQL_FLOAT param "4 \'bad', '1"...
> SQLExecDirect failed
> ! 22P02=ERROR: invalid input syntax for type numeric: "4 \'bad', '1";
> Error while executing the query
>
> Testing "SELECT 1-?" with SQL_C_CHAR -> SQL_INTEGER param "-1"...
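Review bot: The two "!" lines in each half of this hunk, the 22P02 errors for the "SELECT 1.3 > ?" and "SELECT 1.4 > ?" SQL_FLOAT cases, differ only in the type name in the error text: "double precision" in the expected file against "numeric" in the results. Both runs still show SQLExecDirect failed with "invalid input syntax" quoting the whole parameter string, so the injection-style input is still rejected as a value in both. Since the expected output pins the exact type name in the message, the comparison fails when only that name differs; an alternative expected file (the reply mentions param-conversions_1.out) or matching only on the 22P02 SQLSTATE for these two cases would keep the check without depending on the message wording.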
> + read line
>
> ... on Fedora 23. I'll try to look more carefully next week unless there
> is somebody quicker than me.
Christoph