Sample Header Ad - 728x90

Weird ProFTPd and mod_sql string escaping

0 votes
1 answer
115 views
sql proftpd
I am using/trying to use ProFTPd with users in SQL and using stock sql configuration. I currently have a problem with weird string escaping, but ONLY for INSERT into the "tally" table, not for SELECT. My conf is SQLNamedQuery get-quota-tally SELECT "name,quota_type,bytes_in_used,bytes_out_used,bytes_xfer_used,files_in_used,files_out_used,files_xfer_used FROM ftp_quota_tally WHERE name = '%{0}' AND quota_type = '%{1}'" SQLNamedQuery insert-quota-tally FREEFORM "INSERT INTO ftp_quota_tally (name,quota_type,bytes_in_used,bytes_out_used,bytes_xfer_used,files_in_used,files_out_used,files_xfer_used) VALUES (%{0}, %{1}, %{2}, %{3}, %{4}, %{5}, %{6}, %{7})" The sql query log shows this for the SELECT: 2020-09-15 03:53:37,317 mod_sql/4.5: query "SELECT name,quota_type,bytes_in_used,bytes_out_used,bytes_xfer_used,files_in_used,files_out_used,files_xfer_used FROM ftp_quota_tally WHERE name = 'USERNAME_HERE' AND quota_type = 'user'" which is ok, but it shows 2020-09-15 03:53:37,321 mod_sql/4.5: query "INSERT INTO ftp_quota_tally (name,quota_type,bytes_in_used,bytes_out_used,bytes_xfer_used,files_in_used,files_out_used,files_xfer_used) VALUES (\'USERNAME_HERE\', \'user\', 0.000000, 0.000000, 0.000000, 0, 0, 0)" ProFTPd escapes the ${0} and ${1} with \'. NOTE: (1) I already tried to use this sql query SQLNamedQuery insert-quota-tally FREEFORM "INSERT INTO ftp_quota_tally (name,quota_type,bytes_in_used,bytes_out_used,bytes_xfer_used,files_in_used,files_out_used,files_xfer_used) VALUES ('%{0}', '%{1}', %{2}, %{3}, %{4}, %{5}, %{6}, %{7})" which leads to more escaping 2020-09-15 04:15:58,490 mod_sql/4.5: query "INSERT INTO ftp_quota_tally (name,quota_type,bytes_in_used,bytes_out_used,bytes_xfer_used,files_in_used,files_out_used,files_xfer_used) VALUES ('\'USERNAME_HERE\'', '\'user\'', 0.000000, 0.000000, 0.000000, 0, 0, 0)" (2) I also tried the non-FREEFORM way INSERT "%{0}, %{1}, %{2}, %{3}, %{4}, %{5}, %{6}, %{7}" ftp_quota_tally which leads also to the same weird escaping as in my FREEFORM-way. Any ideas?
Asked by Schubi Duah (153 rep)
Sep 15, 2020, 02:17 AM
Last activity: Nov 3, 2020, 03:16 PM
Sidebar Ad - 300x250
Related Questions

Browse more questions from Unix & Linux Stack Exchange

More questions tagged "sql"
More questions tagged "proftpd"
Footer Ad - 728x90