Hello!
On Thu, Sep 5, 2013 at 9:36 PM, Siddon Tang wrote:
> I use string.format and ngx.quote_sql_str to construct a sql, but I found
> that quote_sql_str may not handle \0 like this:
>
> print(string.format(ngx.quote_sql_str("abc\0abc")))
>
> the output is 'abc and \0abc' is truncated.
>
> I notice that http://dev.mysql.com/doc/refman/5.0/en/string-literals.html
> say \0 will be escaped.
>
Thank you for the catch!
Just committed a patch to ngx_lua's git master to fix this issue:
https://github.com/chaoslawful/lua-nginx-module/commit/6e4b574
Best regards,
-agentzh