[open-ils-commits] r16658 - trunk/Open-ILS/src/c-apps (scottmk)
svn at svn.open-ils.org
svn at svn.open-ils.org
Thu Jun 10 14:57:18 EDT 2010
Author: scottmk
Date: 2010-06-10 14:57:14 -0400 (Thu, 10 Jun 2010)
New Revision: 16658
Modified:
trunk/Open-ILS/src/c-apps/buildSQL.c
Log:
When building string literals in SQL: escape special characters.
M Open-ILS/src/c-apps/buildSQL.c
Modified: trunk/Open-ILS/src/c-apps/buildSQL.c
===================================================================
--- trunk/Open-ILS/src/c-apps/buildSQL.c 2010-06-10 18:49:14 UTC (rev 16657)
+++ trunk/Open-ILS/src/c-apps/buildSQL.c 2010-06-10 18:57:14 UTC (rev 16658)
@@ -832,10 +832,17 @@
"Internal error: No string value in string expression # %d", expr->id ));
state->error = 1;
} else {
- // To do: escape special characters in the string
- buffer_add_char( state->sql, '\'' );
- buffer_add( state->sql, expr->literal );
- buffer_add_char( state->sql, '\'' );
+ char* str = strdup( expr->literal );
+ dbi_conn_quote_string( state->dbhandle, &str );
+ if( str ) {
+ buffer_add( state->sql, str );
+ free( str );
+ } else {
+ osrfLogWarning( OSRF_LOG_MARK, sqlAddMsg( state,
+ "Unable to format string literal \"%s\" for expression # %d",
+ expr->literal, expr->id ));
+ state->error = 1;
+ }
}
break;
case EXP_SUBQUERY :
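Review bot: The post-call test `if( str )` only detects a quoting failure when dbi_conn_quote_string replaces the pointer with NULL; any failure mode that leaves `str` untouched (a NULL `state->dbhandle` appears to be rejected before the string is modified, if I read libdbi correctly) would append the raw literal — no surrounding quotes, no escaping — straight into the SQL, which is exactly what this commit sets out to prevent. The `strdup` on the first added line is also unchecked, so an allocation failure hands a NULL pointer to the quote call, and on the failure branch a non-NULL `str` is never freed. Treat the function's size_t return as the success signal and free unconditionally: `if( str && dbi_conn_quote_string( state->dbhandle, &str ) > 0 ) { buffer_add( state->sql, str ); } else { /* existing warning + state->error = 1 */ }` followed by `free( str );` after the if/else. The second hunk has the same shape with jsonObjectToSimpleString's result and needs the same treatment. The enclosing switch and function begin before this hunk and continue past it.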
@@ -1037,10 +1044,17 @@
"Invalid value for bind variable: expected a string, found a number" );
state->error = 1;
} else {
- // To do: escape special characters in the string
- buffer_add_char( state->sql, '\'' );
- buffer_add( state->sql, jsonObjectGetString( obj ));
- buffer_add_char( state->sql, '\'' );
+ char* str = jsonObjectToSimpleString( obj );
+ dbi_conn_quote_string( state->dbhandle, &str );
+ if( str ) {
+ buffer_add( state->sql, str );
+ free( str );
+ } else {
+ osrfLogWarning( OSRF_LOG_MARK, sqlAddMsg( state,
+ "Unable to format string literal \"%s\" for bind variable",
+ jsonObjectGetString( obj )));
+ state->error = 1;
+ }
}
break;
case JSON_NUMBER :