Example #1
0
void escapeString (char **victim)
{
	char *tmpStr = (char*)malloc(sizeof(char)*((strlen(*victim)*2)+1));

	mysql_real_escape_string(mysql_conn, tmpStr, *victim, strlen(*victim));

	free (*victim);
	*victim=strdup(tmpStr);
	free (tmpStr);
}
Example #2
0
// unsigned long STDCALL mysql_real_escape_string(MYSQL *mysql,
//                                                char *to, const char *from,
//                                                unsigned long length);
static IDL_VPTR IDL_mg_mysql_real_escape_string(int argc, IDL_VPTR *argv) {
    unsigned long length;
    IDL_ENSURE_ARRAY(argv[1])
    IDL_ENSURE_ARRAY(argv[2])
    length = mysql_real_escape_string((MYSQL *)argv[0]->value.ptrint,
                                      (char *) argv[1]->value.arr->data,
                                      (char *) argv[2]->value.arr->data,
                                      IDL_ULong64Scalar(argv[3]));
    return IDL_GettmpULong64(length);
}
Example #3
0
char *db_clean_string(YAAMP_DB *db, char *string)
{
	string[1000] = 0;
	char tmp[1024];

    unsigned long ret = mysql_real_escape_string(&db->mysql, tmp, string, strlen(string));
    strcpy(string, tmp);

    return string;
}
Example #4
0
/**
* Escapes special characters in a string for use in a SQL statement
*/
static int Lmysql_real_escape_string (lua_State *L) {
    lua_mysql_conn *my_conn = Mget_conn (L);
    const char *unescaped_string = luaL_checkstring (L, 2);
    unsigned long st_len = strlen(unescaped_string);
    char to[st_len*2+1]; 

    mysql_real_escape_string(my_conn->conn, to, unescaped_string, st_len);
    lua_pushstring(L, to);
    return 1;
}
Example #5
0
File: fdb.c Project: kingiol/cmoon
char *fdb_escape_string(fdb_t *fdb, const char *str)
{
    size_t n = strlen(str);
    char *buf = calloc(1, n);
    if (buf == NULL) return NULL;

    mysql_real_escape_string(fdb->conn, buf, str, n);

    return buf;
}
Example #6
0
/* Insert an event in the backend */
void apm_driver_mysql_process_event(PROCESS_EVENT_ARGS)
{
	char *filename_esc = NULL, *msg_esc = NULL, *trace_esc = NULL, *sql = NULL;
	int filename_len = 0, msg_len = 0, trace_len = 0;
	MYSQL *connection;

	apm_driver_mysql_insert_request();

	MYSQL_INSTANCE_INIT

	if (error_filename) {
		filename_len = strlen(error_filename);
		filename_esc = emalloc(filename_len * 2 + 1);
		filename_len = mysql_real_escape_string(connection, filename_esc, error_filename, filename_len);
	}

	if (msg) {
		msg_len = strlen(msg);
		msg_esc = emalloc(msg_len * 2 + 1);
		msg_len = mysql_real_escape_string(connection, msg_esc, msg, msg_len);
	}

	if (trace) {
		trace_len = strlen(trace);
		trace_esc = emalloc(trace_len * 2 + 1);
		trace_len = mysql_real_escape_string(connection, trace_esc, trace, trace_len);
	}

	sql = emalloc(135 + filename_len + msg_len + trace_len);
	sprintf(
		sql,
		"INSERT INTO event (request_id, type, file, line, message, backtrace) VALUES (@request_id, %d, '%s', %u, '%s', '%s')",
		type, error_filename ? filename_esc : "", error_lineno, msg ? msg_esc : "", trace ? trace_esc : "");

	APM_DEBUG("[MySQL driver] Sending: %s\n", sql);
	if (mysql_query(connection, sql) != 0)
		APM_DEBUG("[MySQL driver] Error: %s\n", mysql_error(APM_MY_G(event_db)));

	efree(sql);
	efree(filename_esc);
	efree(msg_esc);
	efree(trace_esc);
}
GString			GSqlDatabase::EscapeString(const GString &Str)
{
	char *str = Str.ToChar();
	char *to = new char[Str.Size() * 2 + 1];
	unsigned long nb = mysql_real_escape_string(&(this->_mysql), to, str, Str.Size());
	delete[] str;
	GString res = GString::GetBuffer(to, nb);
	delete[] to;
	return (res);
}
Example #8
0
/**
 * Create a list of expandable variables from envp and possibly argv
 */
am_list_t *
create_expandable_variable_list (MYSQL *mysql, const char *envp[], const char *argv[]){
	time_t t;
	char      *escaped_username = NULL;
	char      *escaped_password = NULL;
	const char *username, *password;
	am_list_t *l = am_list_new ();

	if (l == NULL)
		return l;

	t = time (NULL);

	username = get_env ("username", envp);
	password = get_env ("password", envp);
	if (username != NULL){
		escaped_username = (char *) am_malloc (sizeof(char) * (strlen (username) * 2 + 1));
		mysql_real_escape_string (mysql, escaped_username, username, strlen (username));
	}
	if (password != NULL){
		escaped_password = (char *) am_malloc (sizeof(char) * (strlen (password) * 2 + 1));
		mysql_real_escape_string (mysql, escaped_password, password, strlen (password));
	}

	am_list_append (l, kvp_new_with_kv (EV_DUP ("time_now"), strdupf ("%d", t)));
	am_list_append (l, kvp_new_with_kv (EV_DUP ("username"), NULL_OR_DUP (username)));
	am_list_append (l, kvp_new_with_kv (EV_DUP ("password"), NULL_OR_DUP (password)));
	am_list_append (l, kvp_new_with_kv (EV_DUP ("escaped_username"), NULL_OR_DUP (escaped_username)));
	am_list_append (l, kvp_new_with_kv (EV_DUP ("escaped_password"), NULL_OR_DUP (escaped_password)));
	am_list_append (l, kvp_new_with_kv (EV_DUP ("trusted_port"), NULL_OR_DUP (get_env ("trusted_port", envp))));
	am_list_append (l, kvp_new_with_kv (EV_DUP ("trusted_ip"), NULL_OR_DUP (get_env ("trusted_ip", envp))));
	am_list_append (l, kvp_new_with_kv (EV_DUP ("time_unix"), NULL_OR_DUP (get_env ("time_unix", envp))));
	am_list_append (l, kvp_new_with_kv (EV_DUP ("ifconfig_pool_remote_ip"), NULL_OR_DUP (get_env ("ifconfig_pool_remote_ip", envp))));
	am_list_append (l, kvp_new_with_kv (EV_DUP ("ifconfig_pool_local_ip"), NULL_OR_DUP (get_env ("ifconfig_pool_local_ip", envp))));
	am_list_append (l, kvp_new_with_kv (EV_DUP ("ifconfig_local"), NULL_OR_DUP (get_env ("ifconfig_local", envp))));
	am_list_append (l, kvp_new_with_kv (EV_DUP ("time_duration"), NULL_OR_DUP (get_env ("time_duration", envp))));
	am_list_append (l, kvp_new_with_kv (EV_DUP ("bytes_sent"), NULL_OR_DUP (get_env ("bytes_sent", envp))));
	am_list_append (l, kvp_new_with_kv (EV_DUP ("bytes_received"), NULL_OR_DUP (get_env ("bytes_received", envp))));

	am_free (escaped_username);
	am_free (escaped_password);
  return l;
}
Example #9
0
//-------------------------------------------------------------------------------------
bool KBEEmailVerificationTableMysql::logAccount(DBInterface * dbi, int8 type, const std::string& name, 
												const std::string& datas, const std::string& code)
{
	std::string sqlstr = "insert into kbe_email_verification (accountName, type, datas, code, logtime) values(";

	char* tbuf = new char[MAX_BUF * 3];

	mysql_real_escape_string(static_cast<DBInterfaceMysql*>(dbi)->mysql(), 
		tbuf, name.c_str(), name.size());

	sqlstr += "\"";
	sqlstr += tbuf;
	sqlstr += "\",";

	kbe_snprintf(tbuf, MAX_BUF, "%d,", type);
	sqlstr += tbuf;
	
	mysql_real_escape_string(static_cast<DBInterfaceMysql*>(dbi)->mysql(), 
		tbuf, datas.c_str(), datas.size());

	sqlstr += "\"";
	sqlstr += tbuf;
	sqlstr += "\",";
	
	mysql_real_escape_string(static_cast<DBInterfaceMysql*>(dbi)->mysql(), 
		tbuf, code.c_str(), code.size());

	sqlstr += "\"";
	sqlstr += tbuf;
	sqlstr += "\",";

	kbe_snprintf(tbuf, MAX_BUF, "%"PRTime, time(NULL));

	sqlstr += tbuf;
	sqlstr += ")";

	SAFE_RELEASE_ARRAY(tbuf);

	if(!dbi->query(sqlstr.c_str(), sqlstr.size(), false))
		return false;

	return true;
}
Example #10
0
std::string MySQL::Escape(const std::string &str)
{
	char *tmp = new char[str.length() * 2 + 1];
	this->mtx.lock();
	mysql_real_escape_string(this->con, tmp, str.c_str(), str.length());
	this->mtx.unlock();
	std::string retStr(tmp);
	delete [] tmp;
	return retStr;
}
Example #11
0
int
sqon_escape (sqon_DatabaseServer *srv, const char *in, char **out, bool quote)
{
  int rc = 0;
  bool connected = srv->isopen;
  size_t extra = 1 + quote ? 2 : 0;
  char *temp = sqon_malloc ((strlen (in) * 2 + extra) * sizeof (char));
  if (NULL == temp)
    return SQON_MEMORYERROR;

  if (!connected)
    {
      rc = sqon_connect (srv);
      if (rc)
	{
	  sqon_free (temp);
	  return SQON_CONNECTERR;
	}
    }

  union
  {
    unsigned long ul;
  } written;

  switch (srv->type)
    {
    case SQON_DBCONN_MYSQL:
      written.ul = mysql_real_escape_string (srv->com, temp, in, strlen (in));
      written.ul += quote ? 3 : 1;

      *out = sqon_malloc (written.ul * sizeof (char));
      if (NULL == *out)
	{
	  rc = SQON_MEMORYERROR;
	  break;
	}

      if (quote)
	snprintf (*out, written.ul, "'%s'", temp);
      else
	strcpy (*out, temp);
      break;

    default:
      rc = SQON_UNSUPPORTED;
      break;
    }

  if (!connected)
    sqon_close (srv);

  sqon_free (temp);
  return rc;
}
Example #12
0
int
query_record_from_db(const char* pcszChinese, int nDelete){
	MYSQL_RES*	res;
	MYSQL_ROW	row;
	char 		szQueryStatement[MAX_SQL_LEN2];
	char		szChinese[MAX_CHINESE_LEN];

	if (strlen(pcszChinese) >= 1000 ){
		write_log(LT_FILE, "Too long when get translate\n"
			"Chinese string: %s\n", pcszChinese);
		return 0;
	}

	mysql_real_escape_string(g_myData, szChinese, 
				 pcszChinese, (int)strlen(pcszChinese));
	sprintf(szQueryStatement, SQL_QUERY_CHINESE,
		g_dbInfo.szTable, szChinese);

	if ( mysql_query( g_myData, szQueryStatement )){
		write_log(LT_BOTH, "Error: %s, ErrNo: %d\n", 
			  mysql_error(g_myData), mysql_errno(g_myData));
		write_log(LT_BOTH, "Failed: when query \"%s\"!\n", 
			  szQueryStatement);
		return 0;
	}

	res = mysql_store_result( g_myData );
	row = mysql_fetch_row( res );
	if ( row == NULL ){
		write_log(LT_BOTH, "Error: Can't fetch result row,"
				   "when query \"%s\"!\n",
			  szQueryStatement);
		return 0;
	}

	if ( row[1][0] != '\0' )
		write_log(LT_BOTH, "Its translate: %s", row[1]);

	mysql_free_result( res );

	if ( nDelete == 1 ){
		sprintf(szQueryStatement, SQL_DELETE_STR,
			g_dbInfo.szTable, szChinese);

	       	if ( mysql_query( g_myData, szQueryStatement )){
			write_log(LT_BOTH, "Error: %s, ErrNo: %d\n", 
				  mysql_error(g_myData), mysql_errno(g_myData));
			write_log(LT_BOTH, "Failed: when delete \"%s\"!\n", 
				  szQueryStatement);
			return 0;
		}
	}		

	return 1;
}
Example #13
0
/*
 * server doesn't reset sql_mode after COM_CHANGE_USER
 */
int bug_41785(MYSQL *mysql)
{
  char out[10];
  int rc, len;

  len= mysql_real_escape_string(mysql, out, "\\", 1);
  FAIL_IF(len != 2, "len != 2");

  rc= mysql_query(mysql, "SET SQL_MODE=NO_BACKSLASH_ESCAPES");
  check_mysql_rc(rc, mysql);
  rc= mysql_query(mysql, "SET sql_mode=''");
  check_mysql_rc(rc, mysql);

  mysql_change_user(mysql, "root", "", "test");

  len= mysql_real_escape_string(mysql, out, "\\", 1);
  FAIL_IF(len != 2, "len != 2");

  return OK;
}
Example #14
0
string Database::EscapeString(const char * esc, DatabaseConnection * con)
{
	char a2[16384] = {0};
	const char * ret;
	if(mysql_real_escape_string(con->conn, a2, (char*)esc, (unsigned long)strlen(esc)) == 0)
		ret = esc;
	else
		ret = a2;

	return string(ret);
}
Example #15
0
std::string CSql::escape( const void *ptr, const int32 size )
{
	if ( m_hSql == NULL || ptr == NULL || size <= 0 )
		return std::string();

	std::string buff( size * 4 + 1, '\0' );

	mysql_real_escape_string( m_hSql, &buff[0], (char*)ptr, size );

	return buff;
}
static char *escape(void *handle, const char *value, long *vlen)
{
	struct mysql_backend *conf = (struct mysql_backend *)handle;
	char *v;

	*vlen = strlen(value) * 2 + 1;
	if ((v = malloc(*vlen)) == NULL)
		return (NULL);
	mysql_real_escape_string(conf->mysql, v, value, strlen(value));
	return (v);
}
Example #17
0
/**
	escape : 'connection -> string -> string
	<doc>Escape the string for inserting into a SQL request</doc>
**/
static value escape( value o, value s ) {
	int len;
	value sout;
	val_check_kind(o,k_connection);
	val_check(s,string);
	len = val_strlen(s) * 2;
	sout = alloc_empty_string(len);
	len = mysql_real_escape_string(CNX(o)->m,val_string(sout),val_string(s),val_strlen(s));
	val_set_length(sout,len);
	return sout;
}
string MySQLConnection::EscapeString(string Escape)
{
	char a2[16384] = {0};
	const char * ret;
	if(mysql_real_escape_string(handle, a2, Escape.c_str(), (unsigned long)Escape.length()) == 0)
		ret = Escape.c_str();
	else
		ret = a2;

	return string(ret);
}
Example #19
0
void DBConn::escapeString(const char *s, int len, std::string &out) {
  assert(s);
  assert(isOpened());

  if (len) {
    char *buffer = (char*)malloc(len * 2 + 1);
    mysql_real_escape_string(m_conn, buffer, s, len);
    out = buffer;
    free(buffer);
  }
}
Example #20
0
string MySqlConn::escape(const string &s) {
	if (!m_bConnected) {
		connect();
	}

	string r;
	r.resize(s.size() * 2 + 1);
	mysql_real_escape_string(m_mysql, &r[0], s.c_str(), s.size());
	r.resize(strlen(r.c_str()));
	return r;
}
Example #21
0
strlist * getActors(char* movie){
	char * query = malloc(sizeof(char)*128);
	memset(query, 0, sizeof(char) * 128);

	char * escape = malloc(sizeof(char)*64);
	memset(escape, 0, sizeof(char) * 64);

	mysql_real_escape_string(con,escape,movie,strlen(movie));

	sprintf(query,"SELECT actor_name FROM actor_tbl WHERE movie_name = '%s'",escape);
	//printf("%s\n",query);

	

	if (mysql_query(con, query)) 
	{
		finish_with_error(con);
	}
	free(escape);
	free(query);

	MYSQL_RES *result = mysql_store_result(con);

	if (result == NULL) 
	{
		finish_with_error(con);
	}

	//int num_rows = mysql_num_rows(result);

	strlist *actors = malloc(sizeof(strlist));
	

	MYSQL_ROW row;

	int i =0;
	while ((row = mysql_fetch_row(result))) 
	{ 
		actors->items[i]=malloc(sizeof(char)*65);
		memset(actors->items[i],0,sizeof(char)*65);
		strcpy(actors->items[i],row[0] ? row[0] : "NULL");
		//printf("Actor Res:%i ,%s\n", i,actors->items[i]);

		i++;
		if(i>=MAX){
			break;
		}
	}
	mysql_free_result(result);

	actors->len = i;

	return actors;
}
Example #22
0
unsigned long
mysql_do_out_escape_string ( char **to, const char *from, unsigned long length )
{
	if ( !from )
		return 0;

	if ( strlen ( from ) == 0 )
		return 0;

	return mysql_real_escape_string ( outdb, *to, from, length );
}
Example #23
0
RakNet::RakString MySQLInterface::GetEscapedString(const char *input) const
{
	unsigned long len = (unsigned long) strlen(input);
	char *fn = new char [len*2+1];
	mysql_real_escape_string(mySqlConnection, fn, input, len);
	RakNet::RakString output;
	// Use assignment so it doesn't parse printf escape strings
	output = fn;
	delete [] fn;
	return output;
}
Example #24
0
std::string MySQLDatabase::EscapeString(const char* esc, DatabaseConnection* con)
{
    char a2[16384] = { 0 };
    const char* ret;
    if(mysql_real_escape_string(static_cast<MySQLDatabaseConnection*>(con)->MySql, a2, (char*)esc, (unsigned long)strlen(esc)) == 0)
        ret = esc;
    else
        ret = a2;

    return std::string(ret);
}
Example #25
0
std::string MySQLQuery::escape(const std::string& raw) {
    if (!conn_) {
        LOG_WARN("event=[mysqlquery] type=[execute] status=[invalid]");
        return "";
    }
    std::unique_ptr<char[]> escaped_string( new char[raw.size() << 1 + 1]);

    int size = mysql_real_escape_string(conn_->handler(), escaped_string.get(), raw.c_str(), raw.size());

    return std::string(escaped_string.get(), size);
}
Example #26
0
char* encNodeGetContent (xmlNodePtr curNode) {
	xmlChar* tmpStr;
	char *retVal = NULL;

	if ( ( tmpStr = xmlNodeGetContent(curNode)) != NULL  ) {
		retVal = (char*)malloc(sizeof(char)* (xmlStrlen(tmpStr)*2+1));
		mysql_real_escape_string(mysql_conn, retVal, (char*)tmpStr, xmlStrlen(tmpStr));
		xmlFree (tmpStr);
	}
	return (retVal);
}
Example #27
0
std::string CMySql::escape_string(const char * s, size_t length)
{
	if(!_bIsConn) Connect();

	char * p = new char[length * 2+1];
	char * pp = p;
	pp += mysql_real_escape_string(_Mysql, pp, s, length);
	std::string s1(p,pp-p);
	delete[] p;
	return s1;
}
Example #28
0
//NOT THREAD SAFE!
Const_char *EQDB::escape_string(Const_char *from) {
	int len = strlen(from);
	char *res = new char[len*2+1];

	mysql_real_escape_string(mysql_ref,res,from,len);

	res[len*2] = '\0';
	m_escapeBuffer = res;
	delete[] res;
	return(m_escapeBuffer.c_str());
}
Example #29
0
static char *_mysql_escape(void *conn, char **to,
			   const char *from, size_t fromlen)
{
    size_t tolen;

    *to = xrealloc(*to, 2 * fromlen + 1); /* +1 for NUL */

    tolen = mysql_real_escape_string(conn, *to, from, fromlen);

    return *to;
}
Example #30
0
void
string_my_escape (MYSQL * myh, string_t * str, const char *str2)
{
  int l;
  l = strlen (str2);
  if (str->size < (2 * l + 1))
    {
      str->size = (1 + ((2 * l + 1) / STRING_BLOCK_SIZE)) * STRING_BLOCK_SIZE;
      str->str = realloc (str->str, str->size * sizeof *str->str);
    }
  str->len = mysql_real_escape_string (myh, str->str, str2, l);
}