diff options
| author | markster <markster@f38db490-d61c-443f-a65b-d21fe96a405b> | 2003-08-17 16:53:10 +0000 |
|---|---|---|
| committer | markster <markster@f38db490-d61c-443f-a65b-d21fe96a405b> | 2003-08-17 16:53:10 +0000 |
| commit | 166f660c0eb85a07a52efaf8c98d955fd2926c7b (patch) | |
| tree | 9dd6e55f4a177783e58123cf93a106d643aeff1f /cdr | |
| parent | 7db3f56426b9fa49ba86c15865528aeea9131d66 (diff) | |
Escape fields going into MySQL CDR's
git-svn-id: http://svn.digium.com/svn/asterisk/trunk@1358 f38db490-d61c-443f-a65b-d21fe96a405b
Diffstat (limited to 'cdr')
| -rwxr-xr-x | cdr/cdr_mysql.c | 40 |
1 files changed, 36 insertions, 4 deletions
diff --git a/cdr/cdr_mysql.c b/cdr/cdr_mysql.c index a74756b24..fa435b0da 100755 --- a/cdr/cdr_mysql.c +++ b/cdr/cdr_mysql.c @@ -86,11 +86,43 @@ static int mysql_log(struct ast_cdr *cdr) } if (connected) { + char *clid=NULL, *dcontext=NULL, *channel=NULL, *dstchannel=NULL, *lastapp=NULL, *lastdata=NULL, *uniqueid=NULL; + + /* Maximum space needed would be if all characters needed to be escaped, plus a trailing NULL */ + if (clid = alloca(strlen(cdr->clid) * 2 + 1)) + mysql_real_escape_string(&mysql, clid, cdr->clid, strlen(cdr->clid)); + if (dcontext = alloca(strlen(cdr->dcontext) * 2 + 1)) + mysql_real_escape_string(&mysql, dcontext, cdr->dcontext, strlen(cdr->dcontext)); + if (channel = alloca(strlen(cdr->channel) * 2 + 1)) + mysql_real_escape_string(&mysql, channel, cdr->channel, strlen(cdr->channel)); + if (dstchannel = alloca(strlen(cdr->dstchannel) * 2 + 1)) + mysql_real_escape_string(&mysql, dstchannel, cdr->dstchannel, strlen(cdr->dstchannel)); + if (lastapp = alloca(strlen(cdr->lastapp) * 2 + 1)) + mysql_real_escape_string(&mysql, lastapp, cdr->lastapp, strlen(cdr->lastapp)); + if (lastdata = alloca(strlen(cdr->lastdata) * 2 + 1)) + mysql_real_escape_string(&mysql, lastdata, cdr->lastdata, strlen(cdr->lastdata)); +#ifdef MYSQL_LOGUNIQUEID + if (uniqueid = alloca(strlen(cdr->uniqueid) * 2 + 1)) + mysql_real_escape_string(&mysql, uniqueid, cdr->uniqueid, strlen(cdr->uniqueid)); +#endif + + /* Check for all alloca failures above at once */ +#ifdef MYSQL_LOGUNIQUEID + if ((!clid) || (!dcontext) || (!channel) || (!dstchannel) || (!lastapp) || (!lastdata) || (!uniqueid)) { +#else + if ((!clid) || (!dcontext) || (!channel) || (!dstchannel) || (!lastapp) || (!lastdata)) { +#endif + ast_log(LOG_ERROR, "cdr_mysql: Out of memory error (insert fails)\n"); + ast_mutex_unlock(&mysql_lock); + return -1; + } + ast_log(LOG_DEBUG,"cdr_mysql: inserting a CDR record.\n"); + #ifdef MYSQL_LOGUNIQUEID - sprintf(sqlcmd,"INSERT INTO cdr (calldate,clid,src,dst,dcontext,channel,dstchannel,lastapp,lastdata,duration,billsec,disposition,amaflags,accountcode,uniqueid) VALUES ('%s','%s','%s','%s','%s', '%s','%s','%s','%s',%i,%i,'%s',%i,'%s','%s')",timestr,cdr->clid,cdr->src, cdr->dst, cdr->dcontext,cdr->channel, cdr->dstchannel, cdr->lastapp, cdr->lastdata,cdr->duration,cdr->billsec,ast_cdr_disp2str(cdr->disposition),cdr->amaflags, cdr->accountcode, cdr->uniqueid); + sprintf(sqlcmd,"INSERT INTO cdr (calldate,clid,src,dst,dcontext,channel,dstchannel,lastapp,lastdata,duration,billsec,disposition,amaflags,accountcode,uniqueid) VALUES ('%s','%s','%s','%s','%s', '%s','%s','%s','%s',%i,%i,'%s',%i,'%s','%s')",timestr,clid,cdr->src, cdr->dst, dcontext,channel, dstchannel, lastapp, lastdata,cdr->duration,cdr->billsec,ast_cdr_disp2str(cdr->disposition),cdr->amaflags, cdr->accountcode, uniqueid); #else - sprintf(sqlcmd,"INSERT INTO cdr (calldate,clid,src,dst,dcontext,channel,dstchannel,lastapp,lastdata,duration,billsec,disposition,amaflags,accountcode) VALUES ('%s','%s','%s','%s','%s', '%s','%s','%s','%s',%i,%i,'%s',%i,'%s')",timestr,cdr->clid,cdr->src, cdr->dst, cdr->dcontext,cdr->channel, cdr->dstchannel, cdr->lastapp, cdr->lastdata,cdr->duration,cdr->billsec,ast_cdr_disp2str(cdr->disposition),cdr->amaflags, cdr->accountcode); + sprintf(sqlcmd,"INSERT INTO cdr (calldate,clid,src,dst,dcontext,channel,dstchannel,lastapp,lastdata,duration,billsec,disposition,amaflags,accountcode) VALUES ('%s','%s','%s','%s','%s', '%s','%s','%s','%s',%i,%i,'%s',%i,'%s')",timestr,clid,cdr->src, cdr->dst, dcontext,channel, dstchannel, lastapp, lastdata,cdr->duration,cdr->billsec,ast_cdr_disp2str(cdr->disposition),cdr->amaflags, cdr->accountcode); #endif ast_log(LOG_DEBUG,"cdr_mysql: SQL command as follows: %s\n",sqlcmd); @@ -175,7 +207,7 @@ int load_module(void) return -1; } } else { - ast_log(LOG_WARNING,"MySQL server hostname not specified. Assuming localhost"); + ast_log(LOG_WARNING,"MySQL server hostname not specified. Assuming localhost\n"); hostname = "localhost"; } @@ -220,7 +252,7 @@ int load_module(void) return -1; } } else { - ast_log(LOG_WARNING,"MySQL database sock file not specified. Assuming default\n"); + ast_log(LOG_WARNING,"MySQL database sock file not specified. Using default\n"); dbsock = NULL; } |