Return-Path: X-Original-To: apmail-apr-dev-archive@www.apache.org Delivered-To: apmail-apr-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 664588F9F for ; Wed, 7 Sep 2011 09:17:58 +0000 (UTC) Received: (qmail 242 invoked by uid 500); 7 Sep 2011 09:17:56 -0000 Delivered-To: apmail-apr-dev-archive@apr.apache.org Received: (qmail 99743 invoked by uid 500); 7 Sep 2011 09:17:49 -0000 Mailing-List: contact dev-help@apr.apache.org; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Id: Delivered-To: mailing list dev@apr.apache.org Received: (qmail 99674 invoked by uid 99); 7 Sep 2011 09:17:45 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 07 Sep 2011 09:17:45 +0000 X-ASF-Spam-Status: No, hits=0.7 required=5.0 tests=SPF_NEUTRAL X-Spam-Check-By: apache.org Received-SPF: neutral (athena.apache.org: local policy) Received: from [85.158.183.214] (HELO server687-han.de-nserver.de) (85.158.183.214) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 07 Sep 2011 09:17:39 +0000 Received: (qmail 24257 invoked from network); 7 Sep 2011 11:17:16 +0200 Received: from p5DC023DC.dip.t-dialin.net (HELO [192.168.0.1]) (93.192.35.220) (smtp-auth username stefan.ruppert@myarm.com, mechanism plain) by server687-han.de-nserver.de (qpsmtpd/0.82) with (AES256-SHA encrypted) ESMTPSA; Wed, 07 Sep 2011 11:17:16 +0200 Message-ID: <4E67369A.4030105@myarm.com> Date: Wed, 07 Sep 2011 11:17:14 +0200 From: Stefan Ruppert User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.16) Gecko/20110818 Icedove/3.0.11 MIME-Version: 1.0 To: dev@apr.apache.org Subject: [PATCH] apr_dbd_oracle.c escape string implementation Content-Type: multipart/mixed; boundary="------------050909010905010100060302" X-User-Auth: Auth by stefan.ruppert@myarm.com through 93.192.35.220 This is a multi-part message in MIME format. --------------050909010905010100060302 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 8bit Hi all, today we got an error by using the APR DBD oracle driver with a string containing a single quote. Attached is a patch which implements a simple quoting mechanism for the oracle driver. It does not make use of oracle special quoting mechanism as introduced in 10g q'' but it escapes any single quote with an additional single quote. Regards, Stefan -- Stefan Ruppert MyARM GmbH, Altk�nigstr. 7, 65830 Kriftel, Germany Phone: +49 6192/9772818 Web: http://www.myarm.com --------------050909010905010100060302 Content-Type: text/x-patch; name="apr_dbd_oracle.c.patch" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="apr_dbd_oracle.c.patch" --- apr_dbd_oracle-old.c 2011-09-07 10:59:37.000000000 +0200 +++ apr_dbd_oracle.c 2011-09-07 10:49:00.000000000 +0200 @@ -863,7 +863,30 @@ static const char *dbd_oracle_escape(apr_pool_t *pool, const char *arg, apr_dbd_t *sql) { - return arg; /* OCI has no concept of string escape */ + /* we need to quote the string if there is a single quote in the string.*/ + if(strchr(arg, '\'') == 0) { + return arg; + } else { + size_t len = strlen(arg); + const char *cptr = arg; + char *ret; + char *ptr; + /* count single quotes */ + while(*cptr != '\0') { + if(*cptr++ == '\'') + ++len; + } + ret = ptr = apr_palloc(pool, len + 1); + /* copy string and adding an additional quote for each single quote */ + while(*arg != '\0') { + if(*arg == '\'') { + *ptr++ = '\''; + } + *ptr++ = *arg++; + } + *ptr = '\0'; + return ret; + } } static int dbd_oracle_prepare(apr_pool_t *pool, apr_dbd_t *sql, --------------050909010905010100060302--