New issue
Advanced search Search tips

Issue 678524 link

Starred by 1 user
Status: WontFix
Owner: ----
Closed: Jan 2017
Cc:
kkaluri@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 2
Type: Bug



Sign in to add a comment

sql injection problem

Reported by amithac...@gmail.com, Jan 5 2017 
UserAgent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36

Steps to reproduce the problem:
Chrome Version       : Version 55.0.2883.87 m (64-bit)

URL : http://www.w3schools.com/sql/trysql.asp?filename=trysql_select_all
Behavior in Safari 4.x/5.x: working well
Behavior in Firefox 3.x/4.x: working well
Behavior in explorer : working well

What steps will reproduce the problem?
(1)entering the website  
(2) input "SELECT UCASE(ContactName) FROM [Customers]"
(3)press 'run SQL'
(4)  	'Error1: could not prepare statement (1no such function: Ucase)' appear

What is the expected behavior?
it should work. 

What went wrong?

What steps will reproduce the problem?
(1)entering the website  
(2) input "SELECT UCASE(ContactName) FROM [Customers]"
(3)press 'run SQL'
(4)  	'Error1: could not prepare statement (1no such function: Ucase)' appear

Did this work before? No 

Chrome version: 55.0.2883.87  Channel: stable
OS Version: 6.1 (Windows 7, Windows Server 2008 R2)
Flash Version: Shockwave Flash 24.0 r0

working anywhere , just not in chrome

Comment 1 by ajha@chromium.org, Jan 6 2017 

 Issue 678523  has been merged into this issue.

Comment 2 by ajha@chromium.org, Jan 6 2017

Labels: Needs-Triage-M55

Comment 3 by kkaluri@chromium.org, Jan 6 2017

Cc: kkaluri@chromium.org
Labels: Needs-Feedback
Unable to reproduce the issue on windows 10 with chrome version #55.0.2883.87.
No error is seen on running sql command.
Attaching the screen-cast for your reference, Could you please try the same scenario with clean profile with no apps/extensions and let us know your observations.
Issue 678524.mp4
5.0 MB View Download

Comment 4 by woxxom@gmail.com, Jan 6 2017 

#3, you didn't follow the STR, specifically step 2. The bug is present since at least Chrome 31, also in the latest canary.

Comment 5 by amithac...@gmail.com, Jan 7 2017 

#3 didn't follow my instructions .

Comment 6 by amithac...@gmail.com, Jan 10 2017 

does anyone has answer?

Comment 7 by dtapu...@chromium.org, Jan 13 2017

Components: -Blink Blink>Storage>WebSQL
Labels: -Needs-Feedback
Status: WontFix (was: Unconfirmed)
It is working in Edge and FireFox because they don't seem to pass the w3schoolsWebSQLOK statement. And then the page is actually going to a backend server that has different semantics.

See:
	if (w3schoolsWebSQLOK === true && statementSupport === "") {
		w3schoolsWebSQL1.runSQL();
	} else {
		var t=document.getElementById("textareaCodeSQL").value;
		t=t.replace(/=/gi,"w3equalsign");
		w3schoolsNoWebSQLSubmit();
	}

where it actually submits a form to the server to get the results. UCASE is not  supported at all in WebSQL so closing the issue. You are seeing different semantics because the page you are using has different semantics.

Sign in to add a comment