
Direct MySQL string escape.

Sandu Liviu Catalin 2021-03-21 20:19:00 +02:00
parent 0b62694491
commit 828452a878
2 changed files with 43 additions and 7 deletions


@ -12,6 +12,8 @@
#endif #endif
#ifdef SQMOD_POCO_HAS_MYSQL #ifdef SQMOD_POCO_HAS_MYSQL
#include <Poco/Data/MySQL/Connector.h> #include <Poco/Data/MySQL/Connector.h>
// Used for string escape functionality
#include <mysql.h>
#endif #endif
#ifdef SQMOD_POCO_HAS_POSTGRESQL #ifdef SQMOD_POCO_HAS_POSTGRESQL
#include <Poco/Data/PostgreSQL/Connector.h> #include <Poco/Data/PostgreSQL/Connector.h>
@ -58,10 +60,10 @@ static LightObj SQLiteEscapeString(StackStrF & str)
// Is there even a string to escape? // Is there even a string to escape?
if (str.mLen <= 0) if (str.mLen <= 0)
{ {
return LightObj("", 0); // Default to empty string return LightObj(_SC(""), 0, str.mVM); // Default to empty string
} }
// Allocate a memory buffer // Allocate a memory buffer
Buffer b(static_cast< Buffer::SzType >(str.mLen * 2)); Buffer b(static_cast< Buffer::SzType >(str.mLen * 2 + 1));
// Attempt to escape the specified string // Attempt to escape the specified string
sqlite3_snprintf(b.Capacity(), b.Get< char >(), "%q", str.mPtr); sqlite3_snprintf(b.Capacity(), b.Get< char >(), "%q", str.mPtr);
// Return the resulted string // Return the resulted string
@ -80,12 +82,12 @@ static LightObj SQLiteEscapeStringEx(SQChar spec, StackStrF & str)
// Is there even a string to escape? // Is there even a string to escape?
else if (!str.mLen) else if (!str.mLen)
{ {
return LightObj("", 0); // Default to empty string return LightObj(_SC(""), 0, str.mVM); // Default to empty string
} }
// Apply the format specifier // Apply the format specifier
fs[1] = spec; fs[1] = spec;
// Allocate a memory buffer // Allocate a memory buffer
Buffer b(static_cast< Buffer::SzType >(str.mLen * 2)); Buffer b(static_cast< Buffer::SzType >(str.mLen * 2 + 1));
// Attempt to escape the specified string // Attempt to escape the specified string
sqlite3_snprintf(b.Capacity(), b.Get< char >(), fs, str.mPtr); sqlite3_snprintf(b.Capacity(), b.Get< char >(), fs, str.mPtr);
// Return the resulted string // Return the resulted string
@ -94,6 +96,32 @@ static LightObj SQLiteEscapeStringEx(SQChar spec, StackStrF & str)
#endif #endif
// ------------------------------------------------------------------------------------------------
#ifdef SQMOD_POCO_HAS_MYSQL
LightObj SqDataSession::MySQLEscapeString(StackStrF & str)
{
// Is there even a string to escape?
if (str.mLen <= 0)
{
return LightObj(_SC(""), 0, str.mVM); // Default to empty string
}
else if (Session::connector() != "mysql")
{
STHROWF("'mysql' session expected, got '{}'", Session::connector());
}
// Retrieve the internal handle property
auto * handle = Poco::AnyCast< MYSQL * >(Session::getProperty("handle"));
// Allocate a buffer for the given string
Buffer b(static_cast< Buffer::SzType >(str.mLen * 2 + 1));
// Attempt to escape the specified string
const unsigned long len = mysql_real_escape_string(handle, b.Get< char >(), str.mPtr, str.mLen);
// Return the resulted string
return LightObj(b.Get< SQChar >(), static_cast< SQInteger >(len), str.mVM);
}
#endif
// ------------------------------------------------------------------------------------------------ // ------------------------------------------------------------------------------------------------
void SqDataSession::SetProperty(const LightObj & value, StackStrF & name) void SqDataSession::SetProperty(const LightObj & value, StackStrF & name)
{ {
@ -582,6 +610,9 @@ void Register_POCO_Data(HSQUIRRELVM vm, Table &)
.FmtFunc(_SC("GetProperty"), &SqDataSession::GetProperty) .FmtFunc(_SC("GetProperty"), &SqDataSession::GetProperty)
.FmtFunc(_SC("Execute"), &SqDataSession::Execute) .FmtFunc(_SC("Execute"), &SqDataSession::Execute)
.FmtFunc(_SC("ExecuteAsync"), &SqDataSession::ExecuteAsync) .FmtFunc(_SC("ExecuteAsync"), &SqDataSession::ExecuteAsync)
#ifdef SQMOD_POCO_HAS_MYSQL
.FmtFunc(_SC("MySQLEscapeString"), &SqDataSession::MySQLEscapeString)
#endif
// Static Functions // Static Functions
.StaticFunc(_SC("GetURI"), &SqDataSession::BuildURI) .StaticFunc(_SC("GetURI"), &SqDataSession::BuildURI)
// Static Values // Static Values
@ -732,8 +763,8 @@ void Register_POCO_Data(HSQUIRRELVM vm, Table &)
ns.Func(_SC("Process"), ProcessPocoData); ns.Func(_SC("Process"), ProcessPocoData);
// -------------------------------------------------------------------------------------------- // --------------------------------------------------------------------------------------------
#ifdef SQMOD_POCO_HAS_SQLITE #ifdef SQMOD_POCO_HAS_SQLITE
ns.Func(_SC("SQLiteEscapeString"), SQLiteEscapeString); ns.FmtFunc(_SC("SQLiteEscapeString"), SQLiteEscapeString);
ns.Func(_SC("SQLiteEscapeStringEx"), SQLiteEscapeStringEx); ns.FmtFunc(_SC("SQLiteEscapeStringEx"), SQLiteEscapeStringEx);
#endif #endif
// -------------------------------------------------------------------------------------------- // --------------------------------------------------------------------------------------------
Register_POCO_Data_Binding< SQInteger, SqIntegerBinding >(vm, ns, _SC("IntBind")); Register_POCO_Data_Binding< SQInteger, SqIntegerBinding >(vm, ns, _SC("IntBind"));
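Review bot: In the new `SqDataSession::MySQLEscapeString`, the result of `mysql_real_escape_string` is used as the string length without checking for failure. The call returns `(unsigned long)-1` on error (for example when the server runs with NO_BACKSLASH_ESCAPES), and that value goes through `static_cast< SQInteger >(len)` into `LightObj`, so the script would get a string built from a buffer that was presumably never written, with a bogus length, rather than an error. I would add `if (len == static_cast< unsigned long >(-1)) STHROWF("Unable to escape string: {}", mysql_error(handle));` before the return. The handle from `getProperty("handle")` is also passed on without a null check, which looks unsafe if the session is not connected; `if (handle == nullptr) STHROWF("Invalid MySQL connection handle");` after the `AnyCast` would cover that.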


@ -685,7 +685,12 @@ struct SqDataSession : public Session
* Move assignment. * Move assignment.
*/ */
SqDataSession & operator = (SqDataSession &&) noexcept = default; SqDataSession & operator = (SqDataSession &&) noexcept = default;
#ifdef SQMOD_POCO_HAS_MYSQL
/* --------------------------------------------------------------------------------------------
* Implements string escape in MySQL.
*/
LightObj MySQLEscapeString(StackStrF & str);
#endif
/* -------------------------------------------------------------------------------------------- /* --------------------------------------------------------------------------------------------
* Opens the session using the supplied string. * Opens the session using the supplied string.
* Can also be used with default empty string to reconnect a disconnected session. * Can also be used with default empty string to reconnect a disconnected session.