Diffstat (limited to 'src/odbc/ejabberd_odbc.erl')
-rw-r--r--src/odbc/ejabberd_odbc.erl38
1 files changed, 23 insertions, 15 deletions
diff --git a/src/odbc/ejabberd_odbc.erl b/src/odbc/ejabberd_odbc.erl
index 4c2598493..1634ecf0f 100644
--- a/src/odbc/ejabberd_odbc.erl
+++ b/src/odbc/ejabberd_odbc.erl
@@ -17,7 +17,8 @@
sql_query/2,
sql_query_t/1,
sql_transaction/2,
- escape/1]).
+ escape/1,
+ escape_like/1]).
%% gen_server callbacks
-export([init/1,
@@ -84,20 +85,27 @@ sql_query_t(Query) ->
QRes
end.
-escape(S) ->
- [case C of
- $\0 -> "\\0";
- $\n -> "\\n";
- $\t -> "\\t";
- $\b -> "\\b";
- $\r -> "\\r";
- $' -> "\\'";
- $" -> "\\\"";
- $% -> "\\%";
- $_ -> "\\_";
- $\\ -> "\\\\";
- _ -> C
- end || C <- S].
+%% Escape character that will confuse an SQL engine
+escape(S) when is_list(S) ->
+ [escape(C) || C <- S];
+escape($\0) -> "\\0";
+escape($\n) -> "\\n";
+escape($\t) -> "\\t";
+escape($\b) -> "\\b";
+escape($\r) -> "\\r";
+escape($') -> "\\'";
+escape($") -> "\\\"";
+escape($\\) -> "\\\\";
+escape(C) -> C.
+
+%% Escape character that will confuse an SQL engine
+%% Percent and underscore only need to be escaped for pattern matching like
+%% statement
+escape_like(S) when is_list(S) ->
+ [escape_like(C) || C <- S];
+escape_like($%) -> "\\%";
+escape_like($_) -> "\\_";
+escape_like(C) -> escape(C).
%%%----------------------------------------------------------------------
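Review bot: The catch-all clause `escape(C) -> C.` returns any non-list term unchanged, so a binary or other non-character value passed to `escape/1` or `escape_like/1` comes back unescaped, whereas the removed list comprehension would have raised on a non-list argument. Guarding the final clauses, `escape(C) when is_integer(C) -> C.` and `escape_like(C) when is_integer(C) -> escape(C).`, keeps the function failing closed where values enter an SQL string. Because `escape/1` no longer escapes `%` and `_`, every caller that builds a LIKE pattern has to switch to `escape_like/1`; those callers are outside this diff, so that should be confirmed before merging. A comment above `escape/1` stating that it accepts either a string or a single character and returns a deep list would make the dual-purpose clauses easier to read.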