Mercurial > dovecot > core-2.2
changeset 4444:d0d04db8e7a6 HEAD
Escape ' with '' instead of with \'.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Tue, 27 Jun 2006 12:25:55 +0300 |
parents | a01337f6509a |
children | 13350093fa1b |
files | src/lib-sql/driver-sqlite.c |
diffstat | 1 files changed, 24 insertions(+), 2 deletions(-) [+] |
line wrap: on
line diff
--- a/src/lib-sql/driver-sqlite.c Tue Jun 27 10:20:06 2006 +0300 +++ b/src/lib-sql/driver-sqlite.c Tue Jun 27 12:25:55 2006 +0300 @@ -2,7 +2,6 @@ #include "lib.h" #include "str.h" -#include "strescape.h" #include "sql-api-private.h" #ifdef BUILD_SQLITE @@ -92,7 +91,30 @@ static char *driver_sqlite_escape_string(struct sql_db *_db __attr_unused__, const char *string) { - return t_strdup_noconst(str_escape(string)); + const char *p; + char *dest, *destbegin; + + /* find the first ' */ + for (p = string; *p != '\''; p++) { + if (*p == '\0') + return t_strdup_noconst(string); + } + + /* @UNSAFE: escape ' with '' */ + dest = destbegin = t_buffer_get((p - string) + strlen(string) * 2 + 1); + + memcpy(dest, string, p - string); + dest += p - string; + + for (; *p != '\0'; p++) { + *dest++ = *p; + if (*p == '\'') + *dest++ = *p; + } + *dest++ = '\0'; + t_buffer_alloc(dest - destbegin); + + return destbegin; } static void driver_sqlite_exec(struct sql_db *_db, const char *query)