[mapserver-users] Variable substitution error with non-ASCII characters

Even Rouault even.rouault at mines-paris.org
Mon Aug 8 12:26:23 EDT 2011 

Selon Rahkonen Jukka <Jukka.Rahkonen at mmmtike.fi>:

Did you check the encoding of your 'ä' character ? I would think that if it is
sent in UTF-8 it should work.

I'd also warn you that unless you've defined a very strict validation pattern,
such use of substitution is potentially dangerous because it leaves the door
wide open to SQL injections.

> Hi,
>
> I have been playing with variable substitution inside the DATA part of my
> mapfile. I have defined variable %sql% which is tranferred inside a WHERE
> part of the SQL selecting data for me. The next with &sql=highway='bus_stop'
> works fine.
>
>
http://188.64.1.61/cgi-bin/ms_ows?REQUEST=GetMap&SERVICE=WMS&VERSION=1.1.1&WIDTH=563&HEIGHT=437&LAYERS=osm_pisteet&TRANSPARENT=TRUE&FORMAT=image/png&BBOX=-369151.98300283286,6597900.0,1511076.628895184,8057331.444759207&SRS=EPSG:3067&STYLES=&sql=highway='bus_stop'
>
> However, if the variable contains non-ASCII characters the queries will fail.
> For example &sql=highway='ä'
> gives the following error.
>
>
> <?xml version='1.0' encoding="ISO-8859-1" standalone="no" ?>
> <!DOCTYPE ServiceExceptionReport SYSTEM
> "http://schemas.opengis.net/wms/1.1.1/exception_1_1_1.dtd">
> <ServiceExceptionReport version="1.1.1">
> <ServiceException>
> msDrawMap(): Image handling error. Failed to draw layer named
> &#39;osm_pisteet&#39;.
> msPostGISLayerWhichShapes(): Query error. Error (ERROR:  invalid byte
> sequence for encoding &quot;UTF8&quot;: 0xe42729
> ) executing query: select
> encode(ST_AsBinary(ST_Force_2D(&quot;way&quot;),&#39;NDR&#39;),&#39;hex&#39;)
> as geom,&quot;osm_id&quot; from (select (way),osm_id,tags from osm_point
> where highway=&#39;ä&#39;) as foo where way &amp;&amp;
> GeomFromText(&#39;POLYGON((-367482.152974504
> 6599569.83002833,-367482.152974504 8055661.61473088,1509406.79886686
> 8055661.61473088,1509406.79886686 6599569.83002833,-367482.152974504
> 6599569.83002833))&#39;,3067)
> </ServiceException>
> </ServiceExceptionReport>
>
> Is there any known way to solve the invalid byte sequence error for example
> by escaping the none-ASCII characters in some way?
>
> -Jukka Rahkonen-_______________________________________________
> mapserver-users mailing list
> mapserver-users at lists.osgeo.org
> http://lists.osgeo.org/mailman/listinfo/mapserver-users
>

More information about the mapserver-users mailing list