[svn-commits] mjordan: branch 11 r432720 - /branches/11/res/res_config_odbc.c

Tue, 10 Mar 2015 14:34:02 -0700 

Author: mjordan
Date: Tue Mar 10 16:32:25 2015
New Revision: 432720

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=432720
Log:
res/res_config_odbc: Fix improper escaping of backslashes with MySQL

When escaping backslashes with MySQL, the proper way to escape the characters
in a LIKE clause is to escape the '\' four times, i.e., '\\\\'. To quote the
MySQL manual:

"Because MySQL uses C escape syntax in strings (for example, “\n” to represent
a newline character), you must double any “\” that you use in LIKE strings.
For example, to search for “\n”, specify it as “\\n”. To search for “\”,
specify it as “\\\\”; this is because the backslashes are stripped once by the
parser and again when the pattern match is made, leaving a single backslash to
be matched against."

ASTERISK-24808 #close
Reported by: Javier Acosta
patches:
  res_config_odbc.diff uploaded by Javier Acosta (License 6690)

Modified:
    branches/11/res/res_config_odbc.c

Modified: branches/11/res/res_config_odbc.c
URL: 
http://svnview.digium.com/svn/asterisk/branches/11/res/res_config_odbc.c?view=diff&rev=432720&r1=432719&r2=432720
==============================================================================
--- branches/11/res/res_config_odbc.c (original)
+++ branches/11/res/res_config_odbc.c Tue Mar 10 16:32:25 2015
@@ -209,11 +209,11 @@
        va_arg(aq, const char *);
        op = !strchr(newparam, ' ') ? " =" : "";
        snprintf(sql, sizeof(sql), "SELECT * FROM %s WHERE %s%s ?%s", table, 
newparam, op,
-               strcasestr(newparam, "LIKE") && 
!ast_odbc_backslash_is_escape(obj) ? " ESCAPE '\\'" : "");
+               strcasestr(newparam, "LIKE") && 
!ast_odbc_backslash_is_escape(obj) ? " ESCAPE '\\\\'" : "");
        while((newparam = va_arg(aq, const char *))) {
                op = !strchr(newparam, ' ') ? " =" : "";
                snprintf(sql + strlen(sql), sizeof(sql) - strlen(sql), " AND 
%s%s ?%s", newparam, op,
-                       strcasestr(newparam, "LIKE") && 
!ast_odbc_backslash_is_escape(obj) ? " ESCAPE '\\'" : "");
+                       strcasestr(newparam, "LIKE") && 
!ast_odbc_backslash_is_escape(obj) ? " ESCAPE '\\\\'" : "");
                va_arg(aq, const char *);
        }
        va_end(aq);
@@ -385,11 +385,11 @@
        va_arg(aq, const char *);
        op = !strchr(newparam, ' ') ? " =" : "";
        snprintf(sql, sizeof(sql), "SELECT * FROM %s WHERE %s%s ?%s", table, 
newparam, op,
-               strcasestr(newparam, "LIKE") && 
!ast_odbc_backslash_is_escape(obj) ? " ESCAPE '\\'" : "");
+               strcasestr(newparam, "LIKE") && 
!ast_odbc_backslash_is_escape(obj) ? " ESCAPE '\\\\'" : "");
        while((newparam = va_arg(aq, const char *))) {
                op = !strchr(newparam, ' ') ? " =" : "";
                snprintf(sql + strlen(sql), sizeof(sql) - strlen(sql), " AND 
%s%s ?%s", newparam, op,
-                       strcasestr(newparam, "LIKE") && 
!ast_odbc_backslash_is_escape(obj) ? " ESCAPE '\\'" : "");
+                       strcasestr(newparam, "LIKE") && 
!ast_odbc_backslash_is_escape(obj) ? " ESCAPE '\\\\'" : "");
                va_arg(aq, const char *);
        }
        va_end(aq);


-- 
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

svn-commits mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/svn-commits

Reply via email to