[mythtv-users] MythLog : Invalid Characters in Program name

Blammo [doh] blammo.doh at gmail.com
Fri Sep 17 22:33:09 EDT 2004


as soon as I figured out what it was, that was my 2nd thought..

Running it through an "alphanum" filter at time of import would
resolve this issue in probably the cleanest fashion, however, to be
safe, any SQL statement should be "sanitized"




On Fri, 17 Sep 2004 22:28:23 -0400, Michael Starks
<mythtv at michaelstarks.com> wrote:
> On Fri, 2004-09-17 at 12:08 -0700, Blammo [doh] wrote:
> 
> > Database error was:
> > You have an error in your SQL syntax near 'Neighborhood" recorded from
> > channel 1008 at Fri Sep 17 11:30:00 2004' )' at line 1
> >
> > It appears the extra ' in the title is borking the insert statement.
> > Those ' characters should likely either be translated to something
> > else or dropped,.
> 
> This SQL injection bug shows the power of program guide information.
> Malicious data could do damage on a large scale.  Something to consider
> when thinking about possible peer-to-peer sharing of guide data.
> --
> Michael Starks <mythtv at michaelstarks.com>
> 
>


More information about the mythtv-users mailing list