From f91f023da84a6ff163f3c9933ff30c100f14910a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kjetil=20=C3=98rbekk?=
Date: Thu, 14 Aug 2008 14:48:43 +0200
Subject: - Escaping string when querying sqlite
---
 src/mfs_subr.c | 35 +++++++++++++++++++++++++++++++++--
 1 file changed, 33 insertions(+), 2 deletions(-)
diff --git a/src/mfs_subr.c b/src/mfs_subr.c
index 26daa52..ab847f7 100644
--- a/src/mfs_subr.c
+++ b/src/mfs_subr.c
@@ -323,6 +323,35 @@ mfs_lookup_start(int field, void *data, lookup_fn_t *fn, const char *query)
 return (lh);
 }
 
+/*
+ * Returns a new string, which is a copy of str, except that all "\'"s
+ * are replaced with "'". (Needed for fetching rows containing ' in
+ * the sqlite, since we are passed "\'" from FUSE)
+ */
+char *
+mfs_escape_sqlstring(const char *str)
+{
+ char *p, *escaped;
+ const char *q;
+
+ int len = strlen(str) + 1;
+ escaped = malloc(sizeof(char) * len);
+
+ p = escaped;
+ q = str;
+
+ while (*q != '\0') {
+ if (*q == '\\' && q[1] == '\'') {
+ q++;
+ }
+ *p = *q;
+ p++; q++;
+ }
+ *p = '\0';
+
+ return escaped;
+}
+
 /*
 * Insert data that should be searched for in the list. The data is assumed to
 * be dynamically allocated, and will be free'd when mfs_lookup_finish is called!
@@ -330,13 +359,15 @@ mfs_lookup_start(int field, void *data, lookup_fn_t *fn, const char *query)
 void
 mfs_lookup_insert(struct lookuphandle *lh, void *data, int type)
 {
- char *str;
+ char *str, *escaped;
 int val;
 
 switch (type) {
 case LIST_DATATYPE_STRING:
 str = (char *)data;
- sqlite3_bind_text(lh->st, lh->count++, str, -1, free);
+ escaped = mfs_escape_sqlstring(str);
+ free(str);
+ sqlite3_bind_text(lh->st, lh->count++, escaped, -1, free);
 break;
 case LIST_DATATYPE_INT:
 val = *((int *)data);
--
cgit v1.2.3
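Review bot: `escaped = malloc(sizeof(char) * len);` in mfs_escape_sqlstring is never checked, so an allocation failure reaches the first store through `p` as a NULL dereference. Add `if (escaped == NULL) return (NULL);` directly after the malloc, and declare the length as `size_t len = strlen(str) + 1;` instead of `int`, which can truncate for a very long input. The function name and the commit subject say "escaping", but the loop removes the backslash from `\'`, so the helper unescapes. Protection against SQL injection appears to come from the sqlite3_bind_text call in the second hunk, not from this helper; the header comment should say so, so the function is not later reused as a sanitizer for string-built SQL.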
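Review bot: The added `free(str);` in the LIST_DATATYPE_STRING case releases the caller's buffer before mfs_lookup_insert returns, while the comment above the function still says the data is freed when mfs_lookup_finish is called. No caller is visible here, but any caller that reads the string after inserting it would now touch freed memory. The comment should be updated, for example to `For LIST_DATATYPE_STRING the buffer is freed here; SQLite receives an unescaped copy that it releases through the free destructor.` The return value of sqlite3_bind_text is still discarded on the rewritten line, so a failed bind goes unnoticed. The switch continues past the end of the hunk.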