Bug #5392 MySqlCommand sees "?" as parameters in string literals
Submitted: 3 Sep 2004 15:52 Modified: 4 Sep 2004 3:27
Reporter: David Richardson Email Updates:
Status: Closed Impact on me:
None 
Category:Connector / NET Severity:S3 (Non-critical)
Version:1.0.0 OS:Windows (Windows XP Pro & Red Hat 9)
Assigned to: Reggie Burnett CPU Architecture:Any

[3 Sep 2004 15:52] David Richardson
Description:
I have an update statement that I am executing against our MySql database on RedHat 9.  The statement has a string literal in it and that string value has a "?" in it.  When I try to execute it against the database, I receive the following error:

Parameter '?' must be defined

How to repeat:
Here is the statement that is executing:

UPDATE SiteCore.MASTERITEMS SET Xml = '<item id="{938340CA-8733-4744-9EE9-8345F028CAD0}" name="Don''t Overlook Low-Tech Security Threats" key="don''t overlook low-tech security threats" sortorder="0" dirty="1" tid="{E7B765B9-298C-471D-A224-89AB1646E4EB}" mid="{3299ACB8-F98F-43B2-B015-650A565E6CFA}"><security /><version revision="1.0" created="20040902T162224" createdby="Admin" updated="20040903T093647" updatedby="Admin"><field tfid="{44C93265-997C-4F8F-8274-3F54A4FAB9E9}"><content lang="en">Don''t Overlook "Low-Tech" Security Threats</content></field><field tfid="{7BDACCA6-1306-4570-ABDC-B400AA1CE047}"><content lang="en">&lt;P&gt;
Many companies focus a lot of time and a great deal of money on security tools, such as unbreakable encryption, firewalls, and public-key infrastructures.  However, often not enough attention is paid to less-technical measures that can be taken to secure your corporate data.  Especially since many network break-ins rely more on bluffing than they do on technology.  Policies must be in place and understood to help ensure employees don''t give out critical information to the skilled saboteur.
&lt;P&gt;
Winkler, a security expert, was recently hired to test a bank''s security.  It took him four days to make their firewalls "irrelevant".  After some Web research and several phone calls, he had all the information he needed to be authorized to make $2million transactions.  
&lt;P&gt;
What can be done?  "Create and enforce strict management policies".  Employees should receive training on social engineering attacks, as well as understand the consequences if important information is given up.
In the words of Winkler, "Sweat the small stuff.  That''s what costs us billions."
&lt;P&gt;
&lt;A HREF="http://www.zdnet.com/zdnn/stories/news/0,4586,2124500,00.html"&gt;"Low-tech break-ins a big problem"&lt;/A&gt; from ZDNet.&lt;p&gt;</content></field><field tfid="{94AF8E06-F201-4682-A16D-A4B168837808}"><content lang="en">Many companies focus a lot of time and a great deal of money on security tools, such as unbreakable encryption, firewalls, and public-key infrastructures</content></field><field tfid="{83AE822F-6D02-4B28-9E2D-9837223014A7}"><content lang="en" /></field><field tfid="{2A25E718-CC5D-417C-BFF3-82E03F4065CF}"><content lang="en" /></field><field tfid="{87E88BB8-484C-4B86-9D16-818B1247C443}"><content lang="en">19990215T193337</content></field><field tfid="{EA6F0942-1AAC-4145-A121-D1E1DFE4362F}"><content lang="en">20021223T134055</content></field><field tfid="{C8F93AFE-BFD4-4E8F-9C61-152559854661}" /><field tfid="{4C346442-E859-4EFD-89B2-44AEDF467D21}" /><field tfid="{1172F251-DAD4-4EFB-A329-0C63500E4F1E}" /><field tfid="{B8F42732-9CB8-478D-AE95-07E25345FB0F}" /><field tfid="{507ED8C6-6C2B-42B2-9461-DF4C79D919E5}" /><field tfid="{E1D68787-D22B-4EA2-82B3-84C282E375EB}"><content /></field><field tfid="{F1A1FE9E-A60C-4DDB-A3A0-BB5B29FE732E}"><content /></field><field tfid="{74484BDF-7C86-463C-B49F-7B73B9AFC965}" /><field tfid="{2176F66D-E7D1-45D6-B853-7381BD9535D7}" /><field tfid="{972989B3-37EA-46EE-A060-D089B395A928}"><content lang="en">{FD441557-797C-42CB-A7D5-CB580A89FC09}|</content></field><field tfid="{C22023D9-8FBA-4EC8-9C14-12AD77A3DE83}" /><field tfid="{D5BE1D75-12F7-4678-A021-63E73A4590EB}" /><field tfid="{54AEC4F7-5610-4664-B3B2-49443CEBDAD8}"><content lang="en">ZDNet</content></field><field tfid="{0B1F4E07-2846-4E37-9B75-338E913F4E65}"><content lang="en">Insight Analysis and Advice</content></field></version></item>',  Updated = '20040903T093647' WHERE Id = '{938340CA-8733-4744-9EE9-8345F028CAD0}'
[4 Sep 2004 3:27] Reggie Burnett
Thank you for your bug report. This issue has been committed to our
source repository of that product and will be incorporated into the
next release.

If necessary, you can access the source repository and build the latest
available version, including the bugfix, yourself. More information 
about accessing the source trees is available at
    http://www.mysql.com/doc/en/Installing_source_tree.html