Problem with ' in user id

Version 1
    This document was generated from CDN thread

    Created by: Paul Wilkinson on 21-10-2009 04:19:32 AM
    Hi,
     
    I am having some problems using the AXL in CUCM 7 to manage users where the userid contains a '.  If I escape the userid with ' then the axl:addUser works sucessfully, as does a call to axl:addUserToGroup.
     
    If I use the same escape in axl:updateUser then it I get an AXL fault -201 "A syntax error has occurred".  Looking in the AXL debug trace on CUCM I can see that this is because CUCM has issued the sql statement " select pkid from enduser where userid='d'arcy' ".
     
    If I escape the userid in SQL format myself before calling axl:updateUser (ie change the userid to "d''arcy") then I get a slightly different AXL fault 5003 - "Error getting the password". I suspect that this is because although the SQL query is now valid, some other else is looking for the userid d''arcy (ie, not treating it as an escaped SQL string). Interestingly when I do this I can see other SQL in the trace that refers to userid d''''arcy (ie, it has been double escaped), so it seems that some SQL generating code is correctly escaping embedded ', while other code is not.
     
    I believe that the correct approach should be to encode with ' as this seems to work generally for other elements and calls.
     
    Does anyone have any other suggestions on how I should encode the data?
     
    This is on CUCM 7.1.2.10000-4, but I have seen problems with ' on CUCM in the past.  Up until now we have recommended that our customers avoid ' in userids, but it would be better if this worked correctly; there are no problems with creating users containing ' through ccmadmin.
     
    Thanks,
        Paul

    Subject: RE: Problem with ' in user id
    Replied by: BHUVANESWARI RAJAMANICKAM on 22-10-2009 08:23:21 AM
    Hi Paul,
     
    It's always advised to escape characters like ' because axl is an xml soap application, and these characters break xml application unless escaped. Escape the ' to ' This is the advised method, and if it works in all cases, then I think that is the solution for this. Let me know if this method works.
     
    Thanks and Regards,
    Bhuvana
    Developer Services

    Subject: RE: Problem with ' in user id
    Replied by: BHUVANESWARI RAJAMANICKAM on 23-10-2009 12:22:36 PM
    Hi Paul,
     
    It seems ' works for several requests where users are involved, but not for updateUser.  Reproduced the problem in UCM version 7.1(3).
     
    Created a defect CSCtc72474 for this issue.
     
    Thanks and Regards,
    Bhuvana
    Developer Services

    Subject: RE: Problem with ' in user id
    Replied by: Paul Wilkinson on 24-10-2009 11:25:36 AM
    Hi Bhuvana,
     
    Thanks for the update.
     
    Paul