Tonu Samuel <tonu@please.do.not.remove.this.spam.ee> writes:
> I would like to draw your attention to a bug which was introduced tonight
> and can affect some people who are using (var)char field to store
> timestamp data.
Since the winnings are so slim, I hope not many people fell prey to
this bug. If you're gonna waste 5 bytes on convenience, wasting a 6th
to buy you peace at least until Unix doomsday does not seem too much.
If you were expecting speed earnings (no strtoul-ing the input) these
get pretty much zilched should you later compare the strings.
> In MySQL we suggested that people use quotation marks around integer
> values.
Which won't protect you from '; attacks, of course. So why not just
make sure that it is a real integer (ahem)? In Perl it would be as
easy as adding zero.
> This is the reason why people put quotation marks around integer
> expressions and this is correct.
Really?
> But when both the column and the expression are of character type, they get
> compared as strings.
As is to be expected when you're lying to your software. The date types
are there for a reason.
--
Robbe
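An added example, not part of the original message: the string-versus-integer comparison discussed in this thread, run over timestamps on both sides of the 9-to-10-digit rollover, together with a strict integer check on the cutoff before it is bound as a query parameter. Python's sqlite3 stands in for MySQL here (an assumption; its comparison rules match for this case), and the table `ev`, its columns and the helper names are hypothetical.

```python
import re
import sqlite3

# Constructed sample: Unix timestamps on both sides of the rollover from
# 9 to 10 digits at 1000000000.
SAMPLE = [999999998, 999999999, 1000000000, 1000000001]

# Fixed statements; only the cutoff value is ever supplied by the caller.
QUERIES = {
    "char": "SELECT ts_char FROM ev WHERE ts_char > ? ORDER BY rowid",
    "int": "SELECT ts_int FROM ev WHERE ts_int > ? ORDER BY rowid",
}

def build_db():
    """Hypothetical table holding each timestamp as VARCHAR and as INTEGER."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE ev (ts_char VARCHAR(10), ts_int INTEGER)")
    db.executemany("INSERT INTO ev VALUES (?, ?)", [(str(t), t) for t in SAMPLE])
    return db

def as_int(value):
    """Accept only plain ASCII decimal digits, then convert to int."""
    text = str(value)
    if not re.fullmatch(r"[0-9]{1,18}", text):
        raise ValueError(f"not an integer: {text!r}")
    return int(text)

def newer_than(db, kind, cutoff):
    """Timestamps greater than cutoff, using the string or integer column."""
    n = as_int(cutoff)
    # The char column gets a string operand, so the comparison is textual;
    # the integer column gets the validated number.
    bound = str(n) if kind == "char" else n
    return [int(row[0]) for row in db.execute(QUERIES[kind], (bound,))]

if __name__ == "__main__":
    db = build_db()
    print("char:", newer_than(db, "char", "999999998"))
    print("int: ", newer_than(db, "int", "999999998"))
```

The character column loses every 10-digit timestamp because '1000000000' sorts before '999999998' as a string, while the integer column returns all three later rows.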