Bugtraq mailing list archives

Re: Notice about seconds overroll - S7K bug


From: Robert Bihlmeyer <robbe () orcus priv at>
Date: 12 Sep 2001 12:05:13 +0200

Tonu Samuel <tonu () please do not remove this spam ee> writes:

> I would like to draw your attention to a bug which was introduced tonight
> and can affect some people who are using (var)char fields to store
> timestamp data.

Since the winnings are so slim, I hope not many people fell prey to
this bug. If you're gonna waste 5 bytes on convenience, wasting a 6th
to buy you peace at least until Unix doomsday does not seem too much.

If you were expecting speed earnings (no strtoul-ing the input) these
get pretty much zilched should you later compare the strings.

> In MySQL we suggested that people use quotation marks around integer
> values.

Which won't protect you from '; attacks, of course. So why not just
make sure that it is a real integer (ahem)? In Perl it would be as
easy as adding zero.

> This is the reason why people put quotation marks around integer
> expressions, and this is correct.

Really?

> But when both the column and the expression are of character type, they
> get compared as strings.

As is to be expected when you're lying to your software. The date types
are there for a reason.

-- 
Robbe
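The failure mode discussed in this exchange, as an added example that is not part of the original posts or of MySQL itself: constructed sample rows straddling the 1,000,000,000-second rollover, the lexicographic comparison a VARCHAR column gets, and the numeric comparison plus the "real integer" check that avoids it. Function names and sample values are my own assumptions.

```python
import re

# Constructed sample rows: epoch timestamps stored in a VARCHAR column,
# straddling the 1,000,000,000-second rollover (9 Sept 2001 01:46:40 UTC).
STORED_TIMESTAMPS = [
    "999999000",   # 8 Sept 2001, still 9 digits
    "999999999",   # last 9-digit second
    "1000000000",  # first 10-digit second
    "1000000500",
]

# Unsigned decimal literal only; 10 digits is enough until Unix doomsday.
INTEGER_LITERAL = re.compile(r"\A[0-9]{1,10}\Z")


def is_epoch_literal(value: str) -> bool:
    """Strict check that a user-supplied value is a plain, unsigned epoch
    integer (the 'make sure that it is a real integer' step). Quotes,
    semicolons, signs and whitespace are rejected before the value is used."""
    return INTEGER_LITERAL.match(value) is not None


def select_since_string_compare(rows, cutoff: str):
    """Rows matched by  WHERE ts >= '<cutoff>'  when ts is a VARCHAR column:
    both sides are strings, so the comparison is lexicographic, and a
    9-digit row like '999999000' sorts AFTER '1000000000'."""
    return [r for r in rows if r >= cutoff]


def select_since_numeric_compare(rows, cutoff: str):
    """Same query once the column (and the expression) are integers:
    the comparison is numeric and the rollover is harmless."""
    if not is_epoch_literal(cutoff):
        raise ValueError("cutoff is not an unsigned integer literal")
    threshold = int(cutoff)
    return [r for r in rows if int(r) >= threshold]
```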
