diff options
author | russell <russell@f38db490-d61c-443f-a65b-d21fe96a405b> | 2007-07-11 18:33:23 +0000 |
---|---|---|
committer | russell <russell@f38db490-d61c-443f-a65b-d21fe96a405b> | 2007-07-11 18:33:23 +0000 |
commit | f3f1de7ff3b35a3bf6e50ca75f223a567388b3a1 (patch) | |
tree | c534b3d6d85976ff0f5922a617fcc6986936fed5 | |
parent | 2c82f5385e779537cca162e3306f0fdcb0f635c9 (diff) |
Make sure that the ESCAPE immediately follows the condition that uses LIKE.
This fixes realtime extensions with ODBC.
(closes issue #10175, reported by stuarth, patch by me)
git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.2@74656 f38db490-d61c-443f-a65b-d21fe96a405b
-rw-r--r-- | res/res_config_odbc.c | 18 |
1 files changed, 8 insertions, 10 deletions
diff --git a/res/res_config_odbc.c b/res/res_config_odbc.c index fcd4609cf..ff30ee2c4 100644 --- a/res/res_config_odbc.c +++ b/res/res_config_odbc.c @@ -95,16 +95,15 @@ static struct ast_variable *realtime_odbc(const char *database, const char *tabl return NULL; } newval = va_arg(aq, const char *); - if (!strchr(newparam, ' ')) op = " ="; else op = ""; + op = !strchr(newparam, ' ') ? " =" : ""; snprintf(sql, sizeof(sql), "SELECT * FROM %s WHERE %s%s ?", table, newparam, op); while((newparam = va_arg(aq, const char *))) { - if (!strchr(newparam, ' ')) op = " ="; else op = ""; - snprintf(sql + strlen(sql), sizeof(sql) - strlen(sql), " AND %s%s ?", newparam, op); + op = !strchr(newparam, ' ') ? " =" : ""; + snprintf(sql + strlen(sql), sizeof(sql) - strlen(sql), " AND %s%s ?%s", newparam, op, + strcasestr(newparam, "LIKE") ? " ESCAPE '\\'" : ""); newval = va_arg(aq, const char *); } va_end(aq); - if (strcasestr(sql, "LIKE")) - snprintf(sql + strlen(sql), sizeof(sql) - strlen(sql), " ESCAPE '\\'"); res = SQLPrepare(stmt, (unsigned char *)sql, SQL_NTS); if ((res != SQL_SUCCESS) && (res != SQL_SUCCESS_WITH_INFO)) { @@ -242,18 +241,17 @@ static struct ast_config *realtime_multi_odbc(const char *database, const char * if (initfield && (op = strchr(initfield, ' '))) *op = '\0'; newval = va_arg(aq, const char *); - if (!strchr(newparam, ' ')) op = " ="; else op = ""; + op = !strchr(newparam, ' ') ? " =" : ""; snprintf(sql, sizeof(sql), "SELECT * FROM %s WHERE %s%s ?", table, newparam, op); while((newparam = va_arg(aq, const char *))) { - if (!strchr(newparam, ' ')) op = " ="; else op = ""; - snprintf(sql + strlen(sql), sizeof(sql) - strlen(sql), " AND %s%s ?", newparam, op); + op = !strchr(newparam, ' ') ? " =" : ""; + snprintf(sql + strlen(sql), sizeof(sql) - strlen(sql), " AND %s%s ?%s", newparam, op, + strcasestr(newparam, "LIKE") ? " ESCAPE '\\'" : ""); newval = va_arg(aq, const char *); } if (initfield) snprintf(sql + strlen(sql), sizeof(sql) - strlen(sql), " ORDER BY %s", initfield); va_end(aq); - if (strcasestr(sql, "LIKE")) - snprintf(sql + strlen(sql), sizeof(sql) - strlen(sql), " ESCAPE '\\'"); res = SQLPrepare(stmt, (unsigned char *)sql, SQL_NTS); if ((res != SQL_SUCCESS) && (res != SQL_SUCCESS_WITH_INFO)) { |