kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2025-09-19 11:42:27 +00:00
Code Issues Packages Projects Releases Wiki Activity

Make sure that the ESCAPE immediately follows the condition that uses LIKE.

Browse Source 
This fixes realtime extensions with ODBC.
(closes issue #10175, reported by stuarth, patch by me)


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.2@74656 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This commit is contained in:
Russell Bryant
2007-07-11 18:33:23 +00:00
parent 7055d9fe45
commit 4307bca95c
1 changed files with 8 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
res/res_config_odbc.c
View File

@@ -95,16 +95,15 @@ static struct ast_variable *realtime_odbc(const char *database, const char *tabl
return NULL; return NULL;
} }
newval = va_arg(aq, const char *); newval = va_arg(aq, const char *);
if (!strchr(newparam, ' ')) op = " ="; else op = ""; op = !strchr(newparam, ' ') ? " =" : "";
snprintf(sql, sizeof(sql), "SELECT * FROM %s WHERE %s%s ?", table, newparam, op); snprintf(sql, sizeof(sql), "SELECT * FROM %s WHERE %s%s ?", table, newparam, op);
while((newparam = va_arg(aq, const char *))) { while((newparam = va_arg(aq, const char *))) {
if (!strchr(newparam, ' ')) op = " ="; else op = ""; op = !strchr(newparam, ' ') ? " =" : "";
snprintf(sql + strlen(sql), sizeof(sql) - strlen(sql), " AND %s%s ?", newparam, op); snprintf(sql + strlen(sql), sizeof(sql) - strlen(sql), " AND %s%s ?%s", newparam, op,
strcasestr(newparam, "LIKE") ? " ESCAPE '\\'" : "");
newval = va_arg(aq, const char *); newval = va_arg(aq, const char *);
} }
va_end(aq); va_end(aq);
if (strcasestr(sql, "LIKE"))
snprintf(sql + strlen(sql), sizeof(sql) - strlen(sql), " ESCAPE '\\'");
res = SQLPrepare(stmt, (unsigned char *)sql, SQL_NTS); res = SQLPrepare(stmt, (unsigned char *)sql, SQL_NTS);
if ((res != SQL_SUCCESS) && (res != SQL_SUCCESS_WITH_INFO)) { if ((res != SQL_SUCCESS) && (res != SQL_SUCCESS_WITH_INFO)) {
@@ -242,18 +241,17 @@ static struct ast_config *realtime_multi_odbc(const char *database, const char *
if (initfield && (op = strchr(initfield, ' '))) if (initfield && (op = strchr(initfield, ' ')))
*op = '\0'; *op = '\0';
newval = va_arg(aq, const char *); newval = va_arg(aq, const char *);
if (!strchr(newparam, ' ')) op = " ="; else op = ""; op = !strchr(newparam, ' ') ? " =" : "";
snprintf(sql, sizeof(sql), "SELECT * FROM %s WHERE %s%s ?", table, newparam, op); snprintf(sql, sizeof(sql), "SELECT * FROM %s WHERE %s%s ?", table, newparam, op);
while((newparam = va_arg(aq, const char *))) { while((newparam = va_arg(aq, const char *))) {
if (!strchr(newparam, ' ')) op = " ="; else op = ""; op = !strchr(newparam, ' ') ? " =" : "";
snprintf(sql + strlen(sql), sizeof(sql) - strlen(sql), " AND %s%s ?", newparam, op); snprintf(sql + strlen(sql), sizeof(sql) - strlen(sql), " AND %s%s ?%s", newparam, op,
strcasestr(newparam, "LIKE") ? " ESCAPE '\\'" : "");
newval = va_arg(aq, const char *); newval = va_arg(aq, const char *);
} }
if (initfield) if (initfield)
snprintf(sql + strlen(sql), sizeof(sql) - strlen(sql), " ORDER BY %s", initfield); snprintf(sql + strlen(sql), sizeof(sql) - strlen(sql), " ORDER BY %s", initfield);
va_end(aq); va_end(aq);
if (strcasestr(sql, "LIKE"))
snprintf(sql + strlen(sql), sizeof(sql) - strlen(sql), " ESCAPE '\\'");
res = SQLPrepare(stmt, (unsigned char *)sql, SQL_NTS); res = SQLPrepare(stmt, (unsigned char *)sql, SQL_NTS);
if ((res != SQL_SUCCESS) && (res != SQL_SUCCESS_WITH_INFO)) { if ((res != SQL_SUCCESS) && (res != SQL_SUCCESS_WITH_INFO)) {