Author: mjordan Date: Tue Mar 10 16:33:40 2015 New Revision: 432721 URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=432721 Log: res/res_config_odbc: Fix improper escaping of backslashes with MySQL
When escaping backslashes with MySQL, the proper way to escape the characters in a LIKE clause is to escape the '\' four times, i.e., '\\\\'. To quote the MySQL manual: "Because MySQL uses C escape syntax in strings (for example, “\n” to represent a newline character), you must double any “\” that you use in LIKE strings. For example, to search for “\n”, specify it as “\\n”. To search for “\”, specify it as “\\\\”; this is because the backslashes are stripped once by the parser and again when the pattern match is made, leaving a single backslash to be matched against." ASTERISK-24808 #close Reported by: Javier Acosta patches: res_config_odbc.diff uploaded by Javier Acosta (License 6690) ........ Merged revisions 432720 from http://svn.asterisk.org/svn/asterisk/branches/11 Modified: branches/13/ (props changed) branches/13/res/res_config_odbc.c Propchange: branches/13/ ------------------------------------------------------------------------------ Binary property 'branch-11-merged' - no diff available. Modified: branches/13/res/res_config_odbc.c URL: http://svnview.digium.com/svn/asterisk/branches/13/res/res_config_odbc.c?view=diff&rev=432721&r1=432720&r2=432721 ============================================================================== --- branches/13/res/res_config_odbc.c (original) +++ branches/13/res/res_config_odbc.c Tue Mar 10 16:33:40 2015 @@ -198,11 +198,11 @@ op = !strchr(field->name, ' ') ? " =" : ""; snprintf(sql, sizeof(sql), "SELECT * FROM %s WHERE %s%s ?%s", table, field->name, op, - strcasestr(field->name, "LIKE") && !ast_odbc_backslash_is_escape(obj) ? " ESCAPE '\\'" : ""); + strcasestr(field->name, "LIKE") && !ast_odbc_backslash_is_escape(obj) ? " ESCAPE '\\\\'" : ""); while ((field = field->next)) { op = !strchr(field->name, ' ') ? " =" : ""; snprintf(sql + strlen(sql), sizeof(sql) - strlen(sql), " AND %s%s ?%s", field->name, op, - strcasestr(field->name, "LIKE") && !ast_odbc_backslash_is_escape(obj) ? " ESCAPE '\\'" : ""); + strcasestr(field->name, "LIKE") && !ast_odbc_backslash_is_escape(obj) ? " ESCAPE '\\\\'" : ""); } if (ast_string_field_init(&cps, 256)) { @@ -360,11 +360,11 @@ op = !strchr(field->name, ' ') ? " =" : ""; snprintf(sql, sizeof(sql), "SELECT * FROM %s WHERE %s%s ?%s", table, field->name, op, - strcasestr(field->name, "LIKE") && !ast_odbc_backslash_is_escape(obj) ? " ESCAPE '\\'" : ""); + strcasestr(field->name, "LIKE") && !ast_odbc_backslash_is_escape(obj) ? " ESCAPE '\\\\'" : ""); while ((field = field->next)) { op = !strchr(field->name, ' ') ? " =" : ""; snprintf(sql + strlen(sql), sizeof(sql) - strlen(sql), " AND %s%s ?%s", field->name, op, - strcasestr(field->name, "LIKE") && !ast_odbc_backslash_is_escape(obj) ? " ESCAPE '\\'" : ""); + strcasestr(field->name, "LIKE") && !ast_odbc_backslash_is_escape(obj) ? " ESCAPE '\\\\'" : ""); } snprintf(sql + strlen(sql), sizeof(sql) - strlen(sql), " ORDER BY %s", initfield); -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- svn-commits mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/svn-commits
