[OSM-dev] Inserting with planet-to-db [offender]

Martijn van Oosterhout kleptog at gmail.com
Sun Oct 21 15:47:25 BST 2007


On 10/21/07, Stefan de Konink <skinkie at xs4all.nl> wrote:
> One offender is:
>
>   <node id="26017756" lat="14.5661419" lon="120.9876784"
> timestamp="2007-02-19T14:26:32Z">
>     <tag k="description" v=""Our lowest daily rate is P1,275.00 for
> a standard room inclusive of continental breakfast. It is
> airconditioned, with complete personal care kit, 21" tv with cable,
> hair dryer, and individial toilet and bath with running hot and cold
> water."" />
>     <tag k="tourism" v="hotel" />
>     <tag k="name" v="Hotel Victoria de Malate" />
>     <tag k="created_by" v="JOSM" />
>   </node>
>
>
> So my guess is the insert script should do something like html entities
> to ascii?

The insert script should be using placeholders to avoid SQL injection attacks...
Or at the very least proper escaping.

Have a nice day,
-- 
Martijn van Oosterhout <kleptog at gmail.com> http://svana.org/kleptog/




More information about the dev mailing list