[Refdb-cvs] CVS: refdb/src xmlhandler.c,1.22.2.24,1.22.2.25
From: Markus H. <mho...@us...> - 2006-02-22 21:02:55
Update of /cvsroot/refdb/refdb/src
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv1095
Modified Files:
Tag: Release_0_9_5_stable
xmlhandler.c
Log Message:
escape periodical title
Index: xmlhandler.c
===================================================================
RCS file: /cvsroot/refdb/refdb/src/xmlhandler.c,v
retrieving revision 1.22.2.24
retrieving revision 1.22.2.25
diff -u -U2 -r1.22.2.24 -r1.22.2.25
--- xmlhandler.c 8 Feb 2006 20:46:54 -0000 1.22.2.24
+++ xmlhandler.c 22 Feb 2006 21:02:45 -0000 1.22.2.25
@@ -1355,4 +1355,5 @@
 char* my_xaempty = NULL;
 char *my_refdb_title = NULL;
+ char* escape_buffer;
 char titlespec[16];
 char periodical[256] = "";
@@ -1777,11 +1778,11 @@
 /* journal */
- sprintf(sql_command, "UPDATE %s SET periodical=\'", ptr_gbdata->ptr_table_name);
+ sprintf(sql_command, "UPDATE %s SET periodical=", ptr_gbdata->ptr_table_name);
 if (!strcmp(my_dbi_conn_get_cap(ptr_gbdata->conn, "multiple_db"), "t")) {
- item = get_periodical(ptr_gbdata->conn, periodical, database, 3, &errcode, real_orig_id);
+ item = get_periodical(ptr_gbdata->conn, periodical, database, 4, &errcode, real_orig_id);
 }
 else {
- item = get_periodical(conn_source, periodical, NULL, 3, &errcode, real_orig_id);
+ item = get_periodical(conn_source, periodical, NULL, 4, &errcode, real_orig_id);
 }
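Review bot: With the opening quote dropped from the `sprintf` format in the `@@ -1777` hunk, the value is quoted only when the `if (*periodical)` branch of the following hunk runs, so for an empty `periodical` the statement becomes `SET periodical= WHERE id=…`, where the old code produced `periodical='' WHERE id=…`. An `else` branch on that `if` that appends an empty literal, `strcat(sql_command, "\'\'");`, would keep the statement well-formed. The last literal argument to `get_periodical()` also changes from `3` to `4` in both calls without explanation; a one-line comment saying what the value 4 selects would help, since the function is defined outside the hunk.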
@@ -1792,8 +1793,24 @@
 else if (!errcode) {
 if (*periodical) {
+/* printf("periodical went to:%s<<\n", periodical); */
 /* string is short enough, don't need mstrcat here */
- strcat(sql_command, periodical);
+ escape_buffer = strdup(item);
+
+ if (!escape_buffer) {
+ LOG_PRINT(LOG_WARNING, "malloc failed");
+ (*(ptr_gbdata->ptr_nmem_error))++;
+ }
+
+ /* escape any characters that the database server cannot digest */
+ if (dbi_conn_quote_string(ptr_gbdata->conn, &escape_buffer) == 0) {
+ LOG_PRINT(LOG_WARNING, "out of memory");
+ (*(ptr_gbdata->ptr_nmem_error))++;
+ }
+
+/* printf("escape_buffer went to:%s<<\n", escape_buffer); */
+ strcat(sql_command, escape_buffer);
+ free(escape_buffer);
 }
- strcat(sql_command, "\' WHERE id=");
+ strcat(sql_command, " WHERE id=");
 /* buffer still has temp_id*/
 strcat(sql_command, buffer);
|
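Review bot: Both failure checks in the added block only log and bump the error counter before falling through, so a failed `strdup()` still reaches `strcat(sql_command, escape_buffer)` with a NULL pointer. A failed `dbi_conn_quote_string()` appends whatever is left in `escape_buffer`; as far as I know libdbi leaves the string untouched on error, which would put the unquoted, unescaped title into the statement. Either failure should skip building and running this UPDATE, but the enclosing function starts and ends outside the hunk, so the right exit path is not visible here. The retained comment `string is short enough, don't need mstrcat here` also needs rechecking, because the quoted form can be roughly twice the length of the 256-byte `periodical` plus two quote characters, and the size of `sql_command` is not shown.

```c
escape_buffer = strdup(item);

/* escape any characters that the database server cannot digest */
if (!escape_buffer
    || dbi_conn_quote_string(ptr_gbdata->conn, &escape_buffer) == 0) {
  LOG_PRINT(LOG_WARNING, "out of memory");
  (*(ptr_gbdata->ptr_nmem_error))++;
  free(escape_buffer);
  escape_buffer = NULL;
  /* ... leave via the function's error path; do not run this UPDATE ... */
}
else {
  strcat(sql_command, escape_buffer);
  free(escape_buffer);
}
/* ... unchanged: " WHERE id=" and temp_id are appended ... */
```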