Bugtraq mailing list archives
Re: Notice about seconds overroll - S7K bug
From: Robert Bihlmeyer <robbe () orcus priv at>
Date: 12 Sep 2001 12:05:13 +0200
Tonu Samuel <tonu () please do not remove this spam ee> writes:
> I would like to draw your attention to a bug which was introduced tonight and can affect some people who are using (var)char fields to store timestamp data.
Since the winnings are so slim, I hope not many people fell prey to this bug. If you're gonna waste 5 bytes on convenience, wasting a 6th to buy you peace at least until Unix doomsday does not seem too much. If you were expecting speed earnings (no strtoul-ing the input) these get pretty much zilched should you later compare the strings.
> In MySQL we suggested that people use quotation marks around integer values.
Which won't protect you from '; attacks, of course. So why not just make sure that it is a real integer (ahem)? In Perl it would be as easy as adding zero.
> This is the reason why people put quotation marks around integer expressions and this is correct.
Really?
> But when both the column and the expression are character type, they get compared as strings.
As is to be expected when you're lying to your software. The date types are there for a reason.

-- Robbe
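An added illustration of the comparison failure the thread is about (example code, not from either poster): epoch timestamps stored as text order correctly only while they all have the same number of digits, so the step from 999999999 to 1000000000 breaks string comparison. It uses SQLite as a stand-in for the (var)char column; SQLite's affinity rules differ from MySQL's, so the numeric comparison is forced with CAST rather than by dropping the quotes. All sample rows are constructed.

```python
import sqlite3

# Constructed sample rows: event timestamps kept in a text column,
# straddling the 1,000,000,000-second rollover of 9 September 2001.
SAMPLE_ROWS = [
    ("before", "999999000"),     # 9 digits, before the rollover
    ("boundary", "1000000000"),  # first 10-digit epoch second
    ("after", "1000000600"),
]

def newest_by_string_compare(rows):
    """What a character column gives you: lexicographic order, so any
    9-digit value sorts after every 10-digit one."""
    return max(rows, key=lambda r: r[1])[0]

def newest_by_int_compare(rows):
    """The Perl 'add zero' trick: coerce to integer before comparing."""
    return max(rows, key=lambda r: int(r[1]))[0]

def pad_for_string_storage(ts, width=10):
    """Robbe's 'sixth byte': zero-pad to a fixed width so string order
    matches numeric order until 9,999,999,999 (assumed width of 10)."""
    return f"{ts:0{width}d}"

def rows_after_sqlite(threshold, cast=False):
    """Query a TEXT column for events newer than threshold. With cast=False
    both operands are text and compare as strings (the bug); with cast=True
    the column is converted to INTEGER and the comparison is numeric."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE ev (name TEXT, ts TEXT)")
    con.executemany("INSERT INTO ev VALUES (?, ?)", SAMPLE_ROWS)
    col = "CAST(ts AS INTEGER)" if cast else "ts"
    query = f"SELECT name FROM ev WHERE {col} > ? ORDER BY {col}"
    param = threshold if cast else str(threshold)
    names = [row[0] for row in con.execute(query, (param,))]
    con.close()
    return names

if __name__ == "__main__":
    print("string max:", newest_by_string_compare(SAMPLE_ROWS))  # before (wrong)
    print("int max:   ", newest_by_int_compare(SAMPLE_ROWS))     # after
    print("text query:", rows_after_sqlite(999999500))            # [] (misses rollover rows)
    print("cast query:", rows_after_sqlite(999999500, cast=True))  # ['boundary', 'after']
```

Note that padding only helps if every existing row is rewritten to the same width; a column mixing padded and unpadded values misorders exactly as before.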