From 54a1ced6f6f35724265f5bdbf4193bae9ddd461b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micka=C3=ABl=20R=C3=A9mond?=
Date: Fri, 13 Jan 2006 10:59:52 +0000
Subject: * src/odbc/ejabberd_odbc.erl: underscore and percent are now only escaped in like queries. MySQL where not escaping those escaped characters in other context (EJAB-24) * src/mod_vcard_odbc.erl: likewise. * src/odbc/mysql.sql: Fixed MySQL database creation script: Was not properly working with all MySQL version. SVN Revision: 484
---
 src/odbc/ejabberd_odbc.erl | 38 +++++++++++++++++++++++---------------
 1 file changed, 23 insertions(+), 15 deletions(-)
(limited to 'src/odbc/ejabberd_odbc.erl')
diff --git a/src/odbc/ejabberd_odbc.erl b/src/odbc/ejabberd_odbc.erl
index 4c2598493..1634ecf0f 100644
--- a/src/odbc/ejabberd_odbc.erl
+++ b/src/odbc/ejabberd_odbc.erl
@@ -17,7 +17,8 @@
 sql_query/2,
 sql_query_t/1,
 sql_transaction/2,
- escape/1]).
+ escape/1,
+ escape_like/1]).
 %% gen_server callbacks
 -export([init/1,
@@ -84,20 +85,27 @@ sql_query_t(Query) ->
 QRes
 end.
-escape(S) ->
- [case C of
- $\0 -> "\\0";
- $\n -> "\\n";
- $\t -> "\\t";
- $\b -> "\\b";
- $\r -> "\\r";
- $' -> "\\'";
- $" -> "\\\"";
- $% -> "\\%";
- $_ -> "\\_";
- $\\ -> "\\\\";
- _ -> C
- end || C <- S].
+%% Escape character that will confuse an SQL engine
+escape(S) when is_list(S) ->
+ [escape(C) || C <- S];
+escape($\0) -> "\\0";
+escape($\n) -> "\\n";
+escape($\t) -> "\\t";
+escape($\b) -> "\\b";
+escape($\r) -> "\\r";
+escape($') -> "\\'";
+escape($") -> "\\\"";
+escape($\\) -> "\\\\";
+escape(C) -> C.
+
+%% Escape character that will confuse an SQL engine
+%% Percent and underscore only need to be escaped for pattern matching like
+%% statement
+escape_like(S) when is_list(S) ->
+ [escape_like(C) || C <- S];
+escape_like($%) -> "\\%";
+escape_like($_) -> "\\_";
+escape_like(C) -> escape(C).
 %%%----------------------------------------------------------------------
-- cgit v1.2.3
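Review bot: The final clause `escape(C) -> C.` in the second hunk matches any term, so a non-list, non-character argument (a binary or an atom, for example) is now returned unescaped, whereas the removed list comprehension would have raised on it; for a function whose output is spliced into SQL text that is a fail-open path. Restricting the fallthrough to characters, `escape(C) when is_integer(C) -> C.`, keeps the crash-on-unexpected-input behaviour, and `escape_like/1` inherits it because its last clause delegates to `escape/1`. Separately, `escape/1` no longer escapes `%` and `_`, so every caller that builds a LIKE pattern has to move to `escape_like/1`; the commit message says mod_vcard_odbc.erl was updated, but this view is limited to ejabberd_odbc.erl, so that cannot be confirmed from here. A one-line comment above `escape/1` such as `%% Not sufficient for LIKE patterns: use escape_like/1 there` would make the split visible to future callers.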