From: Cristian P. <pa...@ti...> - 2005-01-23 17:15:22
Hi,
I found a problem with the escaping function dbd_quote_string() of the mysql
driver. When this function calls the mysql api mysql_escape_string() it passes
the length of the original string as calculated with the strlen() C api.

    int dbd_quote_string(dbi_driver_t *driver, const char *orig, char *dest) {
        /* foo's -> 'foo\'s' */
        unsigned int len;
        strcpy(dest, "'");
        len = mysql_escape_string(dest+1, orig, strlen(orig) ); /* <========== */
        strcat(dest, "'");
        return len+2;
    }

This compromises the ability to escape binary strings that can contain '\0'
characters before the end.
I suggest changing dbd_quote_string() to accept the length of
the string as a parameter. The same for the abstract functions
dbi_driver_quote_string_copy() and dbi_driver_quote_string() that call the
driver function.
Otherwise we could add new functions with the '_binary_' word that accept
the length of the buffer:

    int dbi_driver_quote_binary_string_copy(dbi_driver Driver, const char *orig,
                                            int orig_len, char **newquoted);
    int dbi_driver_quote_binary_string(dbi_driver Driver, char **orig,
                                       int orig_len);

and for the driver:

    int dbd_quote_binary_string(dbi_driver_t *driver, const char *orig,
                                int orig_len, char *dest);

Bye
Cristian
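
Added example, not part of the original message and not libdbi or MySQL code: it contrasts strlen()-based quoting with a length-aware variant on a buffer containing an embedded '\0'. escape_bytes() is a stand-in for mysql_escape_string() that assumes the escaping rules documented for the MySQL C API, and quote_binary_string() and quote_with_strlen() are hypothetical names.

```c
#include <stdio.h>
#include <string.h>

/* Stand-in for mysql_escape_string() (assumption: follows the escaping rules
 * the MySQL C API documents; not the library's code). dest needs 2*len+1. */
static size_t escape_bytes(char *dest, const char *src, size_t len) {
    char *d = dest;
    for (size_t i = 0; i < len; i++) {
        char c = src[i], e = 0;
        switch (c) {
        case '\0': e = '0'; break;
        case '\n': e = 'n'; break;
        case '\r': e = 'r'; break;
        case 26:   e = 'Z'; break;   /* Ctrl-Z */
        case '\\': case '\'': case '"': e = c; break;
        }
        if (e) { *d++ = '\\'; *d++ = e; }
        else   { *d++ = c; }
    }
    *d = '\0';
    return (size_t)(d - dest);
}

/* Hypothetical length-aware quoting in the shape proposed in the message.
 * dest must hold 2*orig_len + 3 bytes. Returns the quoted length. */
size_t quote_binary_string(const char *orig, size_t orig_len, char *dest) {
    size_t len;
    dest[0] = '\'';
    len = escape_bytes(dest + 1, orig, orig_len);
    dest[len + 1] = '\'';
    dest[len + 2] = '\0';
    return len + 2;
}

/* Mirrors the quoted driver code: the length comes from strlen(). */
size_t quote_with_strlen(const char *orig, char *dest) {
    return quote_binary_string(orig, strlen(orig), dest);
}

int main(void) {
    /* Constructed sample: 7 bytes with a NUL in the middle. */
    static const char blob[7] = { 'a', 'b', '\0', 'c', '\'', 'd', 'e' };
    char out[2 * sizeof blob + 3];
    size_t n = quote_with_strlen(blob, out);
    printf("strlen-based: %zu bytes: %s\n", n, out);
    n = quote_binary_string(blob, sizeof blob, out);
    printf("length-aware: %zu bytes: %s\n", n, out);
    return 0;
}
```

With the strlen()-based call, everything after the first '\0' is silently dropped from the quoted value, including the quote character that needed escaping.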