Escape to prevent command expansion

2025-08-01 15:36:00 +00:00 · 2020-10-07 20:17:21 +03:00
parent 1f50a3a4e6
commit 20f947e7e5
1 changed files with 5 additions and 0 deletions
--- a/mysql/mysql-lib.pl
+++ b/mysql/mysql-lib.pl
@ -622,7 +622,12 @@ else {
 sub escapestr
 {
 local $rv = $_[0];
+
+# Prevent escaping query
 $rv =~ s/'/''/g;
+
+# Prevent escaping command
+$rv =~ s/"/\\"/g;
 return $rv;
 }