Field::quote_data(): (b6e29d09) · Commits · Software / OSDI20 Artifacts / mariadb

include/my_sys.h

+2 −1

Original line number	Diff line number	Diff line
		@@ -845,7 +845,8 @@ extern char get_charsets_dir(char buf);
		extern my_bool my_charset_same(CHARSET_INFO cs1, CHARSET_INFO cs2);
		extern my_bool init_compiled_charsets(myf flags);
		extern void add_compiled_collation(CHARSET_INFO *cs);
		extern ulong escape_string_for_mysql(CHARSET_INFO charset_info, char to,
		extern ulong escape_string_for_mysql(CHARSET_INFO *charset_info,
		char *to, ulong to_length,
		const char *from, ulong length);

		extern void thd_increment_bytes_sent(ulong length);

libmysql/libmysql.c

+2 −2

Original line number	Diff line number	Diff line
		@@ -1575,14 +1575,14 @@ mysql_hex_string(char to, const char from, ulong length)
		ulong STDCALL
		mysql_escape_string(char to,const char from,ulong length)
		{
		return escape_string_for_mysql(default_charset_info, to, from, length);
		return escape_string_for_mysql(default_charset_info, to, 0, from, length);
		}

		ulong STDCALL
		mysql_real_escape_string(MYSQL mysql, char to,const char *from,
		ulong length)
		{
		return escape_string_for_mysql(mysql->charset, to, from, length);
		return escape_string_for_mysql(mysql->charset, to, 0, from, length);
		}

mysys/charset.c

+48 −27

Original line number	Diff line number	Diff line
		@@ -561,21 +561,34 @@ CHARSET_INFO get_charset_by_csname(const char cs_name,
		DBUG_RETURN(cs);
		}


		ulong escape_string_for_mysql(CHARSET_INFO charset_info, char to,
		/*
		NOTE
		to keep old C API, to_length may be 0 to mean "big enough"
		RETURN
		the length of the escaped string or ~0 if it did not fit.
		*/
		ulong escape_string_for_mysql(CHARSET_INFO *charset_info,
		char *to, ulong to_length,
		const char *from, ulong length)
		{
		const char *to_start= to;
		const char *end;
		const char end, to_end=to_start + (to_length ? to_length-1 : 2*length);
		my_bool overflow=0;
		#ifdef USE_MB
		my_bool use_mb_flag= use_mb(charset_info);
		#endif
		for (end= from + length; from != end; from++)
		for (end= from + length; from < end; from++)
		{
		char escape=0;
		#ifdef USE_MB
		int l;
		if (use_mb_flag && (l= my_ismbchar(charset_info, from, end)))
		{
		if (to + l >= to_end)
		{
		overflow=1;
		break;
		}
		while (l--)
		to++= from++;
		from--;
		@@ -593,45 +606,53 @@ ulong escape_string_for_mysql(CHARSET_INFO charset_info, char to,
		a valid GBK character, but 0xbf5c is. (0x27 = ', 0x5c = \)
		*/
		if (use_mb_flag && (l= my_mbcharlen(charset_info, *from)) > 1)
		{
		*to++= '\\';
		to++= from;
		continue;
		}
		escape= *from;
		else
		#endif
		switch (*from) {
		case 0: /* Must be escaped for 'mysql' */
		*to++= '\\';
		*to++= '0';
		escape= '0';
		break;
		case '\n': /* Must be escaped for logs */
		*to++= '\\';
		*to++= 'n';
		escape= 'n';
		break;
		case '\r':
		*to++= '\\';
		*to++= 'r';
		escape= 'r';
		break;
		case '\\':
		*to++= '\\';
		*to++= '\\';
		escape= '\\';
		break;
		case '\'':
		*to++= '\\';
		*to++= '\'';
		escape= '\'';
		break;
		case '"': /* Better safe than sorry */
		*to++= '\\';
		*to++= '"';
		escape= '"';
		break;
		case '\032': /* This gives problems on Win32 */
		escape= 'Z';
		break;
		}
		if (escape)
		{
		if (to + 2 >= to_end)
		{
		overflow=1;
		break;
		}
		*to++= '\\';
		*to++= 'Z';
		*to++= escape;
		}
		else
		{
		if (to + 1 >= to_end)
		{
		overflow=1;
		break;
		default:
		}
		to++= from;
		}
		}
		*to= 0;
		return (ulong) (to - to_start);
		return overflow ? (ulong)~0 : (ulong) (to - to_start);
		}

sql/field.cc

+10 −13

Original line number	Diff line number	Diff line
		@@ -752,25 +752,22 @@ bool Field::quote_data(String *unquoted_string)
		{
		char escaped_string[IO_SIZE];
		char unquoted_string_buffer= (char )(unquoted_string->ptr());
		uint need_quotes;
		DBUG_ENTER("Field::quote_data");

		// this is the same call that mysql_real_escape_string() calls
		escape_string_for_mysql(&my_charset_bin, (char *)escaped_string,
		unquoted_string->ptr(), unquoted_string->length());

		need_quotes= needs_quotes();

		if (need_quotes == 0)
		if (!needs_quotes())
		DBUG_RETURN(0);

		// this is the same call that mysql_real_escape_string() calls
		if (escape_string_for_mysql(&my_charset_bin, (char *)escaped_string,
		sizeof(escaped_string), unquoted_string->ptr(),
		unquoted_string->length()) == (ulong)~0)
		DBUG_RETURN(1);

		// reset string, then re-append with quotes and escaped values
		unquoted_string->length(0);
		if (unquoted_string->append('\''))
		DBUG_RETURN(1);
		if (unquoted_string->append((char *)escaped_string))
		DBUG_RETURN(1);
		if (unquoted_string->append('\''))
		if (unquoted_string->append('\'') \|\|
		unquoted_string->append((char *)escaped_string) \|\|
		unquoted_string->append('\''))
		DBUG_RETURN(1);
		DBUG_RETURN(0);
		}

sql/item.cc

+1 −1

Original line number	Diff line number	Diff line
		@@ -2038,7 +2038,7 @@ const String Item_param::query_val_str(String str) const
		buf= str->c_ptr_quick();
		ptr= buf;
		*ptr++= '\'';
		ptr+= escape_string_for_mysql(str_value.charset(), ptr,
		ptr+= escape_string_for_mysql(str_value.charset(), ptr, 0,
		str_value.ptr(), str_value.length());
		*ptr++= '\'';
		str->length(ptr - buf);