author | Kjetil Ørbekk <orbekk@pvv.ntnu.no> | 2008-08-14 14:48:43 +0200 |
---|---|---|
committer | Kjetil Ørbekk <orbekk@pvv.ntnu.no> | 2008-08-14 14:48:43 +0200 |
commit | f91f023da84a6ff163f3c9933ff30c100f14910a (patch) | |
tree | 99c4aefef7bd4f27bd8f766894d27d9eb8ba1f1a | |
parent | bf9c78e314c9a33d56333546fdb78ea0d765821d (diff) |
- Escaping string when querying sqlite
-rw-r--r-- | src/mfs_subr.c | 35 |
1 files changed, 33 insertions, 2 deletions
diff --git a/src/mfs_subr.c b/src/mfs_subr.c
index 26daa52..ab847f7 100644
--- a/src/mfs_subr.c
+++ b/src/mfs_subr.c
@@ -324,19 +324,50 @@ mfs_lookup_start(int field, void *data, lookup_fn_t *fn, const char *query)
 }

 /*
+ * Returns a new string, which is a copy of str, except that all "\'"s
+ * are replaced with "'". (Needed for fetching rows containing ' in
+ * the sqlite, since we are passed "\'" from FUSE)
+ */
+char *
+mfs_escape_sqlstring(const char *str)
+{
+ char *p, *escaped;
+ const char *q;
+
+ int len = strlen(str) + 1;
+ escaped = malloc(sizeof(char) * len);
+
+ p = escaped;
+ q = str;
+
+ while (*q != '\0') {
+ if (*q == '\\' && q[1] == '\'') {
+ q++;
+ }
+ *p = *q;
+ p++; q++;
+ }
+ *p = '\0';
+
+ return escaped;
+}
+
+/*
 * Insert data that should be searched for in the list. The data is assumed to
 * be dynamically allocated, and will be free'd when mfs_lookup_finish is called!
 */
 void
 mfs_lookup_insert(struct lookuphandle *lh, void *data, int type)
 {
- char *str;
+ char *str, *escaped;
 int val;

 switch (type) {
 case LIST_DATATYPE_STRING:
 str = (char *)data;
- sqlite3_bind_text(lh->st, lh->count++, str, -1, free);
+ escaped = mfs_escape_sqlstring(str);
+ free(str);
+ sqlite3_bind_text(lh->st, lh->count++, escaped, -1, free);
 break;
 case LIST_DATATYPE_INT:
 val = *((int *)data);
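Review bot: The `malloc` result in `mfs_escape_sqlstring` is never checked, so an allocation failure makes the copy loop write through a NULL pointer; add `if (escaped == NULL) return NULL;` after the allocation and have the `LIST_DATATYPE_STRING` case in `mfs_lookup_insert` handle a NULL return instead of binding it. `int len = strlen(str) + 1;` also narrows a `size_t` to `int`, and `size_t len` would avoid that. The name is misleading as well: the function removes the backslash from `\'` rather than escaping anything, which is safe here only because the value goes to `sqlite3_bind_text` as a bound parameter, so the header comment should state that the result must not be used to build SQL text by concatenation. `mfs_lookup_insert` continues past the end of the hunk.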