void escapeString (char **victim) { char *tmpStr = (char*)malloc(sizeof(char)*((strlen(*victim)*2)+1)); mysql_real_escape_string(mysql_conn, tmpStr, *victim, strlen(*victim)); free (*victim); *victim=strdup(tmpStr); free (tmpStr); }
// unsigned long STDCALL mysql_real_escape_string(MYSQL *mysql, // char *to, const char *from, // unsigned long length); static IDL_VPTR IDL_mg_mysql_real_escape_string(int argc, IDL_VPTR *argv) { unsigned long length; IDL_ENSURE_ARRAY(argv[1]) IDL_ENSURE_ARRAY(argv[2]) length = mysql_real_escape_string((MYSQL *)argv[0]->value.ptrint, (char *) argv[1]->value.arr->data, (char *) argv[2]->value.arr->data, IDL_ULong64Scalar(argv[3])); return IDL_GettmpULong64(length); }
char *db_clean_string(YAAMP_DB *db, char *string) { string[1000] = 0; char tmp[1024]; unsigned long ret = mysql_real_escape_string(&db->mysql, tmp, string, strlen(string)); strcpy(string, tmp); return string; }
/** * Escapes special characters in a string for use in a SQL statement */ static int Lmysql_real_escape_string (lua_State *L) { lua_mysql_conn *my_conn = Mget_conn (L); const char *unescaped_string = luaL_checkstring (L, 2); unsigned long st_len = strlen(unescaped_string); char to[st_len*2+1]; mysql_real_escape_string(my_conn->conn, to, unescaped_string, st_len); lua_pushstring(L, to); return 1; }
char *fdb_escape_string(fdb_t *fdb, const char *str) { size_t n = strlen(str); char *buf = calloc(1, n); if (buf == NULL) return NULL; mysql_real_escape_string(fdb->conn, buf, str, n); return buf; }
/* Insert an event in the backend */ void apm_driver_mysql_process_event(PROCESS_EVENT_ARGS) { char *filename_esc = NULL, *msg_esc = NULL, *trace_esc = NULL, *sql = NULL; int filename_len = 0, msg_len = 0, trace_len = 0; MYSQL *connection; apm_driver_mysql_insert_request(); MYSQL_INSTANCE_INIT if (error_filename) { filename_len = strlen(error_filename); filename_esc = emalloc(filename_len * 2 + 1); filename_len = mysql_real_escape_string(connection, filename_esc, error_filename, filename_len); } if (msg) { msg_len = strlen(msg); msg_esc = emalloc(msg_len * 2 + 1); msg_len = mysql_real_escape_string(connection, msg_esc, msg, msg_len); } if (trace) { trace_len = strlen(trace); trace_esc = emalloc(trace_len * 2 + 1); trace_len = mysql_real_escape_string(connection, trace_esc, trace, trace_len); } sql = emalloc(135 + filename_len + msg_len + trace_len); sprintf( sql, "INSERT INTO event (request_id, type, file, line, message, backtrace) VALUES (@request_id, %d, '%s', %u, '%s', '%s')", type, error_filename ? filename_esc : "", error_lineno, msg ? msg_esc : "", trace ? trace_esc : ""); APM_DEBUG("[MySQL driver] Sending: %s\n", sql); if (mysql_query(connection, sql) != 0) APM_DEBUG("[MySQL driver] Error: %s\n", mysql_error(APM_MY_G(event_db))); efree(sql); efree(filename_esc); efree(msg_esc); efree(trace_esc); }
GString GSqlDatabase::EscapeString(const GString &Str) { char *str = Str.ToChar(); char *to = new char[Str.Size() * 2 + 1]; unsigned long nb = mysql_real_escape_string(&(this->_mysql), to, str, Str.Size()); delete[] str; GString res = GString::GetBuffer(to, nb); delete[] to; return (res); }
/** * Create a list of expandable variables from envp and possibly argv */ am_list_t * create_expandable_variable_list (MYSQL *mysql, const char *envp[], const char *argv[]){ time_t t; char *escaped_username = NULL; char *escaped_password = NULL; const char *username, *password; am_list_t *l = am_list_new (); if (l == NULL) return l; t = time (NULL); username = get_env ("username", envp); password = get_env ("password", envp); if (username != NULL){ escaped_username = (char *) am_malloc (sizeof(char) * (strlen (username) * 2 + 1)); mysql_real_escape_string (mysql, escaped_username, username, strlen (username)); } if (password != NULL){ escaped_password = (char *) am_malloc (sizeof(char) * (strlen (password) * 2 + 1)); mysql_real_escape_string (mysql, escaped_password, password, strlen (password)); } am_list_append (l, kvp_new_with_kv (EV_DUP ("time_now"), strdupf ("%d", t))); am_list_append (l, kvp_new_with_kv (EV_DUP ("username"), NULL_OR_DUP (username))); am_list_append (l, kvp_new_with_kv (EV_DUP ("password"), NULL_OR_DUP (password))); am_list_append (l, kvp_new_with_kv (EV_DUP ("escaped_username"), NULL_OR_DUP (escaped_username))); am_list_append (l, kvp_new_with_kv (EV_DUP ("escaped_password"), NULL_OR_DUP (escaped_password))); am_list_append (l, kvp_new_with_kv (EV_DUP ("trusted_port"), NULL_OR_DUP (get_env ("trusted_port", envp)))); am_list_append (l, kvp_new_with_kv (EV_DUP ("trusted_ip"), NULL_OR_DUP (get_env ("trusted_ip", envp)))); am_list_append (l, kvp_new_with_kv (EV_DUP ("time_unix"), NULL_OR_DUP (get_env ("time_unix", envp)))); am_list_append (l, kvp_new_with_kv (EV_DUP ("ifconfig_pool_remote_ip"), NULL_OR_DUP (get_env ("ifconfig_pool_remote_ip", envp)))); am_list_append (l, kvp_new_with_kv (EV_DUP ("ifconfig_pool_local_ip"), NULL_OR_DUP (get_env ("ifconfig_pool_local_ip", envp)))); am_list_append (l, kvp_new_with_kv (EV_DUP ("ifconfig_local"), NULL_OR_DUP (get_env ("ifconfig_local", envp)))); am_list_append (l, kvp_new_with_kv (EV_DUP ("time_duration"), NULL_OR_DUP (get_env ("time_duration", envp)))); am_list_append (l, kvp_new_with_kv (EV_DUP ("bytes_sent"), NULL_OR_DUP (get_env ("bytes_sent", envp)))); am_list_append (l, kvp_new_with_kv (EV_DUP ("bytes_received"), NULL_OR_DUP (get_env ("bytes_received", envp)))); am_free (escaped_username); am_free (escaped_password); return l; }
//------------------------------------------------------------------------------------- bool KBEEmailVerificationTableMysql::logAccount(DBInterface * dbi, int8 type, const std::string& name, const std::string& datas, const std::string& code) { std::string sqlstr = "insert into kbe_email_verification (accountName, type, datas, code, logtime) values("; char* tbuf = new char[MAX_BUF * 3]; mysql_real_escape_string(static_cast<DBInterfaceMysql*>(dbi)->mysql(), tbuf, name.c_str(), name.size()); sqlstr += "\""; sqlstr += tbuf; sqlstr += "\","; kbe_snprintf(tbuf, MAX_BUF, "%d,", type); sqlstr += tbuf; mysql_real_escape_string(static_cast<DBInterfaceMysql*>(dbi)->mysql(), tbuf, datas.c_str(), datas.size()); sqlstr += "\""; sqlstr += tbuf; sqlstr += "\","; mysql_real_escape_string(static_cast<DBInterfaceMysql*>(dbi)->mysql(), tbuf, code.c_str(), code.size()); sqlstr += "\""; sqlstr += tbuf; sqlstr += "\","; kbe_snprintf(tbuf, MAX_BUF, "%"PRTime, time(NULL)); sqlstr += tbuf; sqlstr += ")"; SAFE_RELEASE_ARRAY(tbuf); if(!dbi->query(sqlstr.c_str(), sqlstr.size(), false)) return false; return true; }
std::string MySQL::Escape(const std::string &str) { char *tmp = new char[str.length() * 2 + 1]; this->mtx.lock(); mysql_real_escape_string(this->con, tmp, str.c_str(), str.length()); this->mtx.unlock(); std::string retStr(tmp); delete [] tmp; return retStr; }
int sqon_escape (sqon_DatabaseServer *srv, const char *in, char **out, bool quote) { int rc = 0; bool connected = srv->isopen; size_t extra = 1 + quote ? 2 : 0; char *temp = sqon_malloc ((strlen (in) * 2 + extra) * sizeof (char)); if (NULL == temp) return SQON_MEMORYERROR; if (!connected) { rc = sqon_connect (srv); if (rc) { sqon_free (temp); return SQON_CONNECTERR; } } union { unsigned long ul; } written; switch (srv->type) { case SQON_DBCONN_MYSQL: written.ul = mysql_real_escape_string (srv->com, temp, in, strlen (in)); written.ul += quote ? 3 : 1; *out = sqon_malloc (written.ul * sizeof (char)); if (NULL == *out) { rc = SQON_MEMORYERROR; break; } if (quote) snprintf (*out, written.ul, "'%s'", temp); else strcpy (*out, temp); break; default: rc = SQON_UNSUPPORTED; break; } if (!connected) sqon_close (srv); sqon_free (temp); return rc; }
int query_record_from_db(const char* pcszChinese, int nDelete){ MYSQL_RES* res; MYSQL_ROW row; char szQueryStatement[MAX_SQL_LEN2]; char szChinese[MAX_CHINESE_LEN]; if (strlen(pcszChinese) >= 1000 ){ write_log(LT_FILE, "Too long when get translate\n" "Chinese string: %s\n", pcszChinese); return 0; } mysql_real_escape_string(g_myData, szChinese, pcszChinese, (int)strlen(pcszChinese)); sprintf(szQueryStatement, SQL_QUERY_CHINESE, g_dbInfo.szTable, szChinese); if ( mysql_query( g_myData, szQueryStatement )){ write_log(LT_BOTH, "Error: %s, ErrNo: %d\n", mysql_error(g_myData), mysql_errno(g_myData)); write_log(LT_BOTH, "Failed: when query \"%s\"!\n", szQueryStatement); return 0; } res = mysql_store_result( g_myData ); row = mysql_fetch_row( res ); if ( row == NULL ){ write_log(LT_BOTH, "Error: Can't fetch result row," "when query \"%s\"!\n", szQueryStatement); return 0; } if ( row[1][0] != '\0' ) write_log(LT_BOTH, "Its translate: %s", row[1]); mysql_free_result( res ); if ( nDelete == 1 ){ sprintf(szQueryStatement, SQL_DELETE_STR, g_dbInfo.szTable, szChinese); if ( mysql_query( g_myData, szQueryStatement )){ write_log(LT_BOTH, "Error: %s, ErrNo: %d\n", mysql_error(g_myData), mysql_errno(g_myData)); write_log(LT_BOTH, "Failed: when delete \"%s\"!\n", szQueryStatement); return 0; } } return 1; }
/* * server doesn't reset sql_mode after COM_CHANGE_USER */ int bug_41785(MYSQL *mysql) { char out[10]; int rc, len; len= mysql_real_escape_string(mysql, out, "\\", 1); FAIL_IF(len != 2, "len != 2"); rc= mysql_query(mysql, "SET SQL_MODE=NO_BACKSLASH_ESCAPES"); check_mysql_rc(rc, mysql); rc= mysql_query(mysql, "SET sql_mode=''"); check_mysql_rc(rc, mysql); mysql_change_user(mysql, "root", "", "test"); len= mysql_real_escape_string(mysql, out, "\\", 1); FAIL_IF(len != 2, "len != 2"); return OK; }
string Database::EscapeString(const char * esc, DatabaseConnection * con) { char a2[16384] = {0}; const char * ret; if(mysql_real_escape_string(con->conn, a2, (char*)esc, (unsigned long)strlen(esc)) == 0) ret = esc; else ret = a2; return string(ret); }
std::string CSql::escape( const void *ptr, const int32 size ) { if ( m_hSql == NULL || ptr == NULL || size <= 0 ) return std::string(); std::string buff( size * 4 + 1, '\0' ); mysql_real_escape_string( m_hSql, &buff[0], (char*)ptr, size ); return buff; }
static char *escape(void *handle, const char *value, long *vlen) { struct mysql_backend *conf = (struct mysql_backend *)handle; char *v; *vlen = strlen(value) * 2 + 1; if ((v = malloc(*vlen)) == NULL) return (NULL); mysql_real_escape_string(conf->mysql, v, value, strlen(value)); return (v); }
/** escape : 'connection -> string -> string <doc>Escape the string for inserting into a SQL request</doc> **/ static value escape( value o, value s ) { int len; value sout; val_check_kind(o,k_connection); val_check(s,string); len = val_strlen(s) * 2; sout = alloc_empty_string(len); len = mysql_real_escape_string(CNX(o)->m,val_string(sout),val_string(s),val_strlen(s)); val_set_length(sout,len); return sout; }
string MySQLConnection::EscapeString(string Escape) { char a2[16384] = {0}; const char * ret; if(mysql_real_escape_string(handle, a2, Escape.c_str(), (unsigned long)Escape.length()) == 0) ret = Escape.c_str(); else ret = a2; return string(ret); }
void DBConn::escapeString(const char *s, int len, std::string &out) { assert(s); assert(isOpened()); if (len) { char *buffer = (char*)malloc(len * 2 + 1); mysql_real_escape_string(m_conn, buffer, s, len); out = buffer; free(buffer); } }
string MySqlConn::escape(const string &s) { if (!m_bConnected) { connect(); } string r; r.resize(s.size() * 2 + 1); mysql_real_escape_string(m_mysql, &r[0], s.c_str(), s.size()); r.resize(strlen(r.c_str())); return r; }
strlist * getActors(char* movie){ char * query = malloc(sizeof(char)*128); memset(query, 0, sizeof(char) * 128); char * escape = malloc(sizeof(char)*64); memset(escape, 0, sizeof(char) * 64); mysql_real_escape_string(con,escape,movie,strlen(movie)); sprintf(query,"SELECT actor_name FROM actor_tbl WHERE movie_name = '%s'",escape); //printf("%s\n",query); if (mysql_query(con, query)) { finish_with_error(con); } free(escape); free(query); MYSQL_RES *result = mysql_store_result(con); if (result == NULL) { finish_with_error(con); } //int num_rows = mysql_num_rows(result); strlist *actors = malloc(sizeof(strlist)); MYSQL_ROW row; int i =0; while ((row = mysql_fetch_row(result))) { actors->items[i]=malloc(sizeof(char)*65); memset(actors->items[i],0,sizeof(char)*65); strcpy(actors->items[i],row[0] ? row[0] : "NULL"); //printf("Actor Res:%i ,%s\n", i,actors->items[i]); i++; if(i>=MAX){ break; } } mysql_free_result(result); actors->len = i; return actors; }
unsigned long mysql_do_out_escape_string ( char **to, const char *from, unsigned long length ) { if ( !from ) return 0; if ( strlen ( from ) == 0 ) return 0; return mysql_real_escape_string ( outdb, *to, from, length ); }
RakNet::RakString MySQLInterface::GetEscapedString(const char *input) const { unsigned long len = (unsigned long) strlen(input); char *fn = new char [len*2+1]; mysql_real_escape_string(mySqlConnection, fn, input, len); RakNet::RakString output; // Use assignment so it doesn't parse printf escape strings output = fn; delete [] fn; return output; }
std::string MySQLDatabase::EscapeString(const char* esc, DatabaseConnection* con) { char a2[16384] = { 0 }; const char* ret; if(mysql_real_escape_string(static_cast<MySQLDatabaseConnection*>(con)->MySql, a2, (char*)esc, (unsigned long)strlen(esc)) == 0) ret = esc; else ret = a2; return std::string(ret); }
std::string MySQLQuery::escape(const std::string& raw) { if (!conn_) { LOG_WARN("event=[mysqlquery] type=[execute] status=[invalid]"); return ""; } std::unique_ptr<char[]> escaped_string( new char[raw.size() << 1 + 1]); int size = mysql_real_escape_string(conn_->handler(), escaped_string.get(), raw.c_str(), raw.size()); return std::string(escaped_string.get(), size); }
char* encNodeGetContent (xmlNodePtr curNode) { xmlChar* tmpStr; char *retVal = NULL; if ( ( tmpStr = xmlNodeGetContent(curNode)) != NULL ) { retVal = (char*)malloc(sizeof(char)* (xmlStrlen(tmpStr)*2+1)); mysql_real_escape_string(mysql_conn, retVal, (char*)tmpStr, xmlStrlen(tmpStr)); xmlFree (tmpStr); } return (retVal); }
std::string CMySql::escape_string(const char * s, size_t length) { if(!_bIsConn) Connect(); char * p = new char[length * 2+1]; char * pp = p; pp += mysql_real_escape_string(_Mysql, pp, s, length); std::string s1(p,pp-p); delete[] p; return s1; }
//NOT THREAD SAFE! Const_char *EQDB::escape_string(Const_char *from) { int len = strlen(from); char *res = new char[len*2+1]; mysql_real_escape_string(mysql_ref,res,from,len); res[len*2] = '\0'; m_escapeBuffer = res; delete[] res; return(m_escapeBuffer.c_str()); }
static char *_mysql_escape(void *conn, char **to, const char *from, size_t fromlen) { size_t tolen; *to = xrealloc(*to, 2 * fromlen + 1); /* +1 for NUL */ tolen = mysql_real_escape_string(conn, *to, from, fromlen); return *to; }
void string_my_escape (MYSQL * myh, string_t * str, const char *str2) { int l; l = strlen (str2); if (str->size < (2 * l + 1)) { str->size = (1 + ((2 * l + 1) / STRING_BLOCK_SIZE)) * STRING_BLOCK_SIZE; str->str = realloc (str->str, str->size * sizeof *str->str); } str->len = mysql_real_escape_string (myh, str->str, str2, l); }