Philip Hazel <ph10@???> probably said:
> You have missed out the {} that are required round the "success" value.
> Try this:
>
> bruker.epost='${local_part}@${domain}'} {${value}}fail}
>
> I always feel that this kind of thing looks better if you omit
> unnecessary {} for variables:
>
> bruker.epost='$local_part@$domain'} {$value}fail}
This started me wondering ... user supplied data straight into a mysql
query. If you managed to get the right characters into local_part
couldn't you end up doing a random query that could be destructive ?
Shouldn't this probably be wrapped with
${quote_mysql:$local_part@$domain} ?
On the subject of exim/mysql, I've been messing with it since I'm
doing PHP/mysql in another area. Has anyone come up with a nice way
to not let have passwords available to users on a shall machine where
the config file has to be readable ?
My solution so far is to have a mysql user specificly for exim that
only has privs to look up things exim needs (and read only), but if
theres a better way ....
P.
--
pir pir@??? pir@???
