author | Mickaël Rémond <mickael.remond@process-one.net> | 2006-01-13 10:59:52 +0000 |
---|---|---|
committer | Mickaël Rémond <mickael.remond@process-one.net> | 2006-01-13 10:59:52 +0000 |
commit | 54a1ced6f6f35724265f5bdbf4193bae9ddd461b (patch) | |
tree | 8d3e9e29643ba06aa4c6d574ce8100c6226b32bd /src/odbc/ejabberd_odbc.erl | |
parent | * src/ejabberd_service.erl: Bugfix (diff) |
* src/odbc/ejabberd_odbc.erl: underscore and percent are now only
escaped in like queries. MySQL was not escaping those escaped
characters in other contexts (EJAB-24)
* src/mod_vcard_odbc.erl: likewise.
* src/odbc/mysql.sql: Fixed MySQL database creation script: Was
not properly working with all MySQL version.
SVN Revision: 484
Diffstat (limited to 'src/odbc/ejabberd_odbc.erl')
-rw-r--r-- | src/odbc/ejabberd_odbc.erl | 38 |
1 files changed, 23 insertions, 15 deletions
diff --git a/src/odbc/ejabberd_odbc.erl b/src/odbc/ejabberd_odbc.erl
index 4c2598493..1634ecf0f 100644
--- a/src/odbc/ejabberd_odbc.erl
+++ b/src/odbc/ejabberd_odbc.erl
@@ -17,7 +17,8 @@
 sql_query/2,
 sql_query_t/1,
 sql_transaction/2,
- escape/1]).
+ escape/1,
+ escape_like/1]).
 
 %% gen_server callbacks
 -export([init/1,
@@ -84,20 +85,27 @@ sql_query_t(Query) ->
 QRes
 end.
 
-escape(S) ->
- [case C of
- $\0 -> "\\0";
- $\n -> "\\n";
- $\t -> "\\t";
- $\b -> "\\b";
- $\r -> "\\r";
- $' -> "\\'";
- $" -> "\\\"";
- $% -> "\\%";
- $_ -> "\\_";
- $\\ -> "\\\\";
- _ -> C
- end || C <- S].
+%% Escape character that will confuse an SQL engine
+escape(S) when is_list(S) ->
+ [escape(C) || C <- S];
+escape($\0) -> "\\0";
+escape($\n) -> "\\n";
+escape($\t) -> "\\t";
+escape($\b) -> "\\b";
+escape($\r) -> "\\r";
+escape($') -> "\\'";
+escape($") -> "\\\"";
+escape($\\) -> "\\\\";
+escape(C) -> C.
+
+%% Escape character that will confuse an SQL engine
+%% Percent and underscore only need to be escaped for pattern matching like
+%% statement
+escape_like(S) when is_list(S) ->
+ [escape_like(C) || C <- S];
+escape_like($%) -> "\\%";
+escape_like($_) -> "\\_";
+escape_like(C) -> escape(C).
 
 
 %%%---------------------------------------------------------------------- |
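Review bot: The catch-all clause `escape(C) -> C.` makes the new escape/1 fail open: a binary, atom or any other non-list term is now returned unchanged and unescaped, whereas the removed list comprehension would have raised on a non-list argument. Since this function is presumably the only barrier between caller-supplied strings and the SQL text, guarding the last clause as `escape(C) when is_integer(C) -> C.` keeps unexpected input a crash instead of a silent pass-through; escape_like/1 reaches the same clause through `escape_like(C) -> escape(C).`, so it inherits the fix. The header comment on escape/1 could also state that `%` and `_` are no longer escaped here, so any value placed in a LIKE pattern must go through escape_like/1, otherwise those characters act as wildcards.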