[asterisk-addons-commits] tilghman: branch 1.6.2 r1150 - in /branches/1.6.2: cdr/ res/
SVN commits to the Asterisk addons project
asterisk-addons-commits at lists.digium.com
Tue May 3 19:05:51 CDT 2011
Author: tilghman
Date: Tue May 3 19:05:45 2011
New Revision: 1150
URL: http://svnview.digium.com/svn/asterisk-addons?view=rev&rev=1150
Log:
Quote column names, in case they contain special characters like '-' or are reserved words.
(closes issue #19063)
Reported by: festr
Patches:
patch uploaded by festr (license 443)
Modified:
branches/1.6.2/cdr/cdr_addon_mysql.c
branches/1.6.2/res/res_config_mysql.c
Modified: branches/1.6.2/cdr/cdr_addon_mysql.c
URL: http://svnview.digium.com/svn/asterisk-addons/branches/1.6.2/cdr/cdr_addon_mysql.c?view=diff&rev=1150&r1=1149&r2=1150
==============================================================================
--- branches/1.6.2/cdr/cdr_addon_mysql.c (original)
+++ branches/1.6.2/cdr/cdr_addon_mysql.c Tue May 3 19:05:45 2011
@@ -298,7 +298,7 @@
ast_str_make_space(&escape, (valsz = strlen(value)) * 2 + 1);
mysql_real_escape_string(&mysql, ast_str_buffer(escape), value, valsz);
- ast_str_append(&sql1, 0, "%s", entry->name);
+ ast_str_append(&sql1, 0, "`%s`", entry->name);
ast_str_append(&sql2, 0, "'%s'", ast_str_buffer(escape));
}
}
Modified: branches/1.6.2/res/res_config_mysql.c
URL: http://svnview.digium.com/svn/asterisk-addons/branches/1.6.2/res/res_config_mysql.c?view=diff&rev=1150&r1=1149&r2=1150
==============================================================================
--- branches/1.6.2/res/res_config_mysql.c (original)
+++ branches/1.6.2/res/res_config_mysql.c Tue May 3 19:05:45 2011
@@ -601,7 +601,7 @@
If there is only 1 set, then we have our query. Otherwise, loop thru the list and concat */
ESCAPE_STRING(buf, newval);
- ast_str_set(&sql, 0, "UPDATE %s SET %s = '%s'", tablename, newparam, ast_str_buffer(buf));
+ ast_str_set(&sql, 0, "UPDATE %s SET `%s` = '%s'", tablename, newparam, ast_str_buffer(buf));
/* If the column length isn't long enough, give a chance to lengthen it. */
if (strncmp(column->type, "char", 4) == 0 || strncmp(column->type, "varchar", 7) == 0) {
@@ -618,7 +618,7 @@
}
ESCAPE_STRING(buf, newval);
- ast_str_append(&sql, 0, ", %s = '%s'", newparam, ast_str_buffer(buf));
+ ast_str_append(&sql, 0, ", `%s` = '%s'", newparam, ast_str_buffer(buf));
/* If the column length isn't long enough, give a chance to lengthen it. */
if (strncmp(column->type, "char", 4) == 0 || strncmp(column->type, "varchar", 7) == 0) {
@@ -628,7 +628,7 @@
va_end(ap);
ESCAPE_STRING(buf, lookup);
- ast_str_append(&sql, 0, " WHERE %s = '%s'", keyfield, ast_str_buffer(buf));
+ ast_str_append(&sql, 0, " WHERE `%s` = '%s'", keyfield, ast_str_buffer(buf));
ast_debug(1, "MySQL RealTime: Update SQL: %s\n", ast_str_buffer(sql));
@@ -713,7 +713,7 @@
return -1;
}
ESCAPE_STRING(buf, newval);
- ast_str_append(&where, 0, "%s %s='%s'", first ? "" : " AND", newparam, ast_str_buffer(buf));
+ ast_str_append(&where, 0, "%s `%s`='%s'", first ? "" : " AND", newparam, ast_str_buffer(buf));
first = 0;
/* If the column length isn't long enough, give a chance to lengthen it. */
@@ -738,7 +738,7 @@
}
ESCAPE_STRING(buf, newval);
- ast_str_append(&sql, 0, "%s %s = '%s'", first ? "" : ",", newparam, ast_str_buffer(buf));
+ ast_str_append(&sql, 0, "%s `%s` = '%s'", first ? "" : ",", newparam, ast_str_buffer(buf));
first = 0;
/* If the column length isn't long enough, give a chance to lengthen it. */
@@ -811,7 +811,7 @@
/* Create the first part of the query using the first parameter/value pairs we just extracted
If there is only 1 set, then we have our query. Otherwise, loop thru the list and concat */
ESCAPE_STRING(buf, newval);
- ast_str_set(&sql, 0, "INSERT INTO %s (%s", table, newparam);
+ ast_str_set(&sql, 0, "INSERT INTO %s (`%s`", table, newparam);
ast_str_set(&sql2, 0, ") VALUES ('%s'", ast_str_buffer(buf));
internal_require(database, table, newparam, RQ_CHAR, valsz, SENTINEL);
@@ -824,7 +824,7 @@
ast_str_reset(buf);
}
if (internal_require(database, table, newparam, RQ_CHAR, valsz, SENTINEL) == 0) {
- ast_str_append(&sql, 0, ", %s", newparam);
+ ast_str_append(&sql, 0, ", `%s`", newparam);
ast_str_append(&sql2, 0, ", '%s'", ast_str_buffer(buf));
}
}
@@ -891,11 +891,11 @@
/* Create the first part of the query using the first parameter/value pairs we just extracted
If there is only 1 set, then we have our query. Otherwise, loop thru the list and concat */
ESCAPE_STRING(buf, lookup);
- ast_str_set(&sql, 0, "DELETE FROM %s WHERE %s = '%s'", table, keyfield, ast_str_buffer(buf));
+ ast_str_set(&sql, 0, "DELETE FROM %s WHERE `%s` = '%s'", table, keyfield, ast_str_buffer(buf));
while ((newparam = va_arg(ap, const char *))) {
newval = va_arg(ap, const char *);
ESCAPE_STRING(buf, newval);
- ast_str_append(&sql, 0, " AND %s = '%s'", newparam, ast_str_buffer(buf));
+ ast_str_append(&sql, 0, " AND `%s` = '%s'", newparam, ast_str_buffer(buf));
}
va_end(ap);
@@ -1071,7 +1071,7 @@
res = -1;
break;
}
- ast_str_set(&sql, 0, "ALTER TABLE %s MODIFY %s %s", tablename, column->name, ast_str_buffer(typestr));
+ ast_str_set(&sql, 0, "ALTER TABLE %s MODIFY `%s` %s", tablename, column->name, ast_str_buffer(typestr));
if (!column->null) {
ast_str_append(&sql, 0, " NOT NULL");
}
More information about the asterisk-addons-commits
mailing list