On 07.09.2011 13:26, Jeff Trawick wrote:
> On Wed, Sep 7, 2011 at 5:17 AM, Stefan Ruppert <[email protected]> wrote:
>> Hi all,
>>
>> today we got an error when using the APR DBD Oracle driver with a string
>> containing a single quote. Attached is a patch which implements a simple
>> quoting mechanism for the Oracle driver. It does not make use of Oracle's
>> special quoting mechanism introduced in 10g, q'<string>', but it escapes
>> any single quote with an additional single quote.
>
> Please update the patch to avoid tab characters, include a space
> within "if(", "while(", etc., and in general format the code like the
> rest of the file (I hope this file isn't an odd one ;) ).
>
> If nobody jumps on this patch soon, open a bug with the patch so that
> it isn't forgotten.

Ok, here is the revised patch according to tabs vs spaces and APR coding
style ;-)

Stefan
--
Stefan Ruppert <[email protected]>
MyARM GmbH, Altkönigstr. 7, 65830 Kriftel, Germany
Phone: +49 6192/9772818
Web: http://www.myarm.com
--- apr_dbd_oracle-old.c 2011-09-07 10:59:37.000000000 +0200
+++ apr_dbd_oracle.c 2011-09-07 13:49:13.000000000 +0200
@@ -863,7 +863,31 @@
static const char *dbd_oracle_escape(apr_pool_t *pool, const char *arg,
apr_dbd_t *sql)
{
- return arg; /* OCI has no concept of string escape */
+ /* we need to quote the string if there is a single quote in the string.*/
+ if (strchr(arg, '\'') == NULL) {
+ return arg;
+ }
+ else {
+ size_t len = strlen(arg);
+ const char *cptr = arg;
+ char *ret;
+ char *ptr;
+ /* count single quotes */
+ while (*cptr != '\0') {
+ if (*cptr++ == '\'')
+ ++len;
+ }
+ ret = ptr = apr_palloc(pool, len + 1);
+ /* copy string and adding an additional quote for each single quote */
+ while (*arg != '\0') {
+ if (*arg == '\'') {
+ *ptr++ = '\'';
+ }
+ *ptr++ = *arg++;
+ }
+ *ptr = '\0';
+ return ret;
+ }
}
static int dbd_oracle_prepare(apr_pool_t *pool, apr_dbd_t *sql,
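Review bot: the first added line, strchr(arg, '\''), dereferences arg, whereas the removed body returned arg untouched, so a NULL arg that previously passed straight through is now undefined behaviour. Add an explicit NULL check ahead of the strchr call, or state in the function comment that arg must be non-NULL. The new comment should also say that the returned string is only safe when the caller places it inside a single-quoted SQL literal, since the function doubles embedded quotes but does not add the surrounding ones, and that the no-quote path returns the caller's own pointer while the other path returns pool memory. Where the value can be supplied as a bind parameter through the prepare path, that remains preferable to building it into the SQL text.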