Added support for SQL escaping a binary DataBlock.

Replacing with SQL escaping a NamedPointer parameter of a NamedList that holds a DataBlock will insert the escaped binary data instead. git-svn-id: http://yate.null.ro/svn/yate/trunk@2475 acf43c95-373e-0410-b603-e72c3f656dc1
2009-02-06 19:37:01 +00:00 · 2009-02-06 19:37:01 +00:00 · 2c3dd2bc2a
parent 69f5a20772
commit 2c3dd2bc2a
3 changed files with 46 additions and 3 deletions
--- a/engine/DataBlock.cpp
+++ b/engine/DataBlock.cpp
@ -332,4 +332,24 @@ bool DataBlock::unHexify(const char* data, unsigned int len, char sep)
    return (iBuf >= n);
 }

+String DataBlock::sqlEscape(char extraEsc) const
+{
+    unsigned int len = m_length;
+    unsigned int i;
+    for (i = 0; i < m_length; i++) {
+	char c = static_cast<char*>(m_data)[i];
+	if (c == '\0' || c == '\\' || c == '\'' || c == extraEsc)
+	    len++;
+    }
+    String tmp(' ',len);
+    char* d = const_cast<char*>(tmp.c_str());
+    for (i = 0; i < m_length; i++) {
+	char c = static_cast<char*>(m_data)[i];
+	if (c == '\0' || c == '\\' || c == '\'' || c == extraEsc)
+	    *d++ = '\\';
+	*d++ = c ? c : '0';
+    }
+    return tmp;
+}
+
 /* vi: set ts=8 sw=4 sts=4 noet: */
--- a/engine/NamedList.cpp
+++ b/engine/NamedList.cpp
@ -260,9 +260,25 @@ int NamedList::replaceParams(String& str, bool sqlEsc, char extraEsc) const
 	    String tmp = str.substr(p1+2,p2-p1-2);
 	    tmp.trimBlanks();
 	    DDebug(DebugAll,"NamedList replacing parameter '%s' [%p]",tmp.c_str(),this);
-	    tmp = getValue(tmp);
-	    if (sqlEsc)
-		tmp = tmp.sqlEscape(extraEsc);
+	    const NamedString* ns = getParam(tmp);
+	    if (ns) {
+		if (sqlEsc) {
+		    const DataBlock* data = 0;
+		    if (ns->null()) {
+			NamedPointer* np = YOBJECT(NamedPointer,ns);
+			if (np)
+			    data = YOBJECT(DataBlock,np->userData());
+		    }
+		    if (data)
+			tmp = data->sqlEscape(extraEsc);
+		    else
+			tmp = ns->sqlEscape(extraEsc);
+		}
+		else
+		    tmp = *ns;
+	    }
+	    else
+		tmp.clear();
 	    str = str.substr(0,p1) + tmp + str.substr(p2+1);
 	    // advance search offset past the string we just replaced
 	    p1 += tmp.length();
--- a/yateclass.h
+++ b/yateclass.h
@ -2862,6 +2862,13 @@ public:
     */
    bool unHexify(const char* data, unsigned int len, char sep = 0);

+    /**
+     * Create an escaped string suitable for use in SQL queries
+     * @param extraEsc Character to escape other than the default ones
+     * @return A string with binary zeros and other special characters escaped
+     */
+    String sqlEscape(char extraEsc) const;
+
 private:
    void* m_data;
    unsigned int m_length;