Re: untainting or encoding for shelled sqlplus update
by goibhniu (Hermit) on May 19, 2008 at 19:21 UTC
I have a solution. For those interested, all my attempts to escape special characters were slightly off target. If I ran the script in a DB IDE like SQL Navigator, it worked fine. The only time it failed was in sqlplus. It turns out that when sqlplus is processing multiline info, it treats an empty line sorta like the end of a <<HERE doc.
I've left in all the special character encoding (for sql insertion reasons), but the thing that really fixed my script was:
and thanks to the guys in the Chatterbox (Intrepid, jdporter, mwah, bart, ambrus) for helping me write the regexp and consider corner cases on this.
#my sig used to say 'I humbly seek wisdom. '. Now it says:
I humbly seek wisdom.
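The blank-line behaviour described in the post above, handled in a generated script; this is an added example, not the poster's regexp (which is not shown on the page). It assumes a hypothetical table `notes_demo` and a constructed sample value, and builds the string literal so that no line sent to sqlplus is ever empty.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Turn arbitrary text into an Oracle string expression that can sit inside a
# script fed to sqlplus. Hypothetical helper, written for this example.
sub sqlplus_literal {
    my ($text) = @_;
    return 'NULL' unless defined $text && length $text;  # Oracle treats '' as NULL

    $text =~ s/\r\n?/\n/g;                # normalise line endings
    my @lines = split /\n/, $text, -1;    # -1 keeps trailing empty fields

    # Double embedded single quotes, then join the lines with CHR(10). A blank
    # line in the data becomes the line "'' || CHR(10) ||" in the script, so
    # sqlplus never sees an empty line in the middle of the statement.
    my @quoted = map { my $l = $_; $l =~ s/'/''/g; "'$l'" } @lines;
    return join " || CHR(10) ||\n    ", @quoted;
}

# Constructed sample value: a quote, an ampersand and a blank line.
my $note = "Bob's R&D notes\n\nsecond paragraph";

my $script = join "\n",
    'SET DEFINE OFF',       # stop sqlplus treating & as a substitution variable
    'UPDATE notes_demo',    # hypothetical table and columns
    '   SET body = ' . sqlplus_literal($note),
    ' WHERE id = 1;',
    'COMMIT;',
    'EXIT',
    '';

# Guard: refuse to emit a script in which a blank line would end the SQL buffer.
die "blank line in generated SQL\n" if grep { !/\S/ } split /\n/, $script;

print $script;
```

The output can be piped to `sqlplus -s`; `SET SQLBLANKLINES ON` is the SQL*Plus setting that permits blank lines inside a statement if the text has to be passed through unchanged.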