From: Robert Bihlmeyer (robbeorcus.priv.at)
Date: Wed Sep 12 2001 - 05:05:13 CDT

    Tonu Samuel <tonuplease.do.not.remove.this.spam.ee> writes:

    > I would like to make your attention on bug which was introduced tonight
    > and can affect some people who are using (var)char field to store
    > timestamp data.

    Since the winnings are so slim, I hope not many people fell prey to
    this bug. If you're gonna waste 5 bytes on convenience, wasting a 6th
    to buy you peace at least until Unix doomsday does not seem too much.

    If you were expecting speed earnings (no strtoul-ing the input) these
    get pretty much zilched should you later compare the strings.

    > In MySQL we suggested people to use quotation marks around integer
    > values.

    Which won't protect you from '; attacks, of course. So why not just
    make sure that it is a real integer (ahem)? In Perl it would be as
    easy as adding zero.

    > This is the reason why people put quotation marks around integer
    > expressions and this is correct.

    Really?

    > But when both column is character type and expression, they get
    > compared as strings.

    As is to be expected when you're lying to your software. The date types
    are there for a reason.

    -- 
    Robbe
    
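The failure the thread is about, shown with working code (an added example, not from the thread or from MySQL): timestamps stored in a character column are compared lexically, so the 1e9 rollover reorders them, while a leading-zero pad (the "6th byte") or a real integer column with a validated integer parameter (the "adding zero" check) keeps the comparison sound. SQLite is used here as a stand-in for MySQL; the table, column names and sample rows are constructed.

```python
import sqlite3

# Constructed sample rows straddling the 1e9 rollover (2001-09-09 01:46:40 UTC);
# not data from the mailing-list thread.
EVENTS = [("before", 999_999_999), ("at_rollover", 1_000_000_000), ("after", 1_000_000_100)]


def _open_db(zero_pad):
    """In-memory table holding each timestamp both as text and as a real integer."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE ev (name TEXT, ts_text TEXT, ts_int INTEGER)")
    for name, ts in EVENTS:
        text = f"{ts:010d}" if zero_pad else str(ts)  # the "6th byte" is the leading zero
        con.execute("INSERT INTO ev VALUES (?, ?, ?)", (name, text, ts))
    return con


def require_int(value):
    """The 'add zero' idea done strictly: reject anything that is not a whole number
    (Perl's + 0 would silently coerce junk to 0; here junk raises instead)."""
    if isinstance(value, bool) or not isinstance(value, (int, str)):
        raise ValueError("timestamp must be an integer")
    if isinstance(value, str) and not value.strip().isdigit():
        raise ValueError("timestamp must be an integer")
    return int(value)


def newer_than_text(cutoff, zero_pad=False):
    """Quoted-literal query against a (var)char column: text vs text compares lexically."""
    con = _open_db(zero_pad)
    literal = f"{require_int(cutoff):010d}" if zero_pad else str(require_int(cutoff))
    rows = con.execute("SELECT name FROM ev WHERE ts_text > ? ORDER BY ts_text", (literal,))
    return [name for (name,) in rows]


def newer_than_int(cutoff):
    """Same query against an INTEGER column with a validated integer parameter."""
    con = _open_db(zero_pad=False)
    rows = con.execute("SELECT name FROM ev WHERE ts_int > ? ORDER BY ts_int", (require_int(cutoff),))
    return [name for (name,) in rows]


if __name__ == "__main__":
    print(newer_than_text(999_999_999))                 # [] : '1000000000' sorts before '999999999'
    print(newer_than_text(999_999_999, zero_pad=True))  # ['at_rollover', 'after']
    print(newer_than_int("999999999"))                   # ['at_rollover', 'after']
```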