amb1443 - SQL_QuoteString -> SQL_EscapeString

--HG--
extra : convert_revision : svn%3A39bc706e-5318-0410-9160-8a85361fbb7c/trunk%401880
David Anderson 2008-02-22 02:23:17 +00:00
parent cf52d02803
commit e4450610da
4 changed files with 38 additions and 14 deletions


@ -1271,6 +1271,7 @@ REGISTER_NATIVES(dbNatives)
{"SQL_CheckConfig", SQL_CheckConfig},
{"SQL_Connect", SQL_Connect},
{"SQL_ConnectEx", SQL_ConnectEx},
{"SQL_EscapeString", SQL_QuoteString},
{"SQL_Execute", SQL_Execute},
{"SQL_FastQuery", SQL_FastQuery},
{"SQL_FetchFloat", SQL_FetchFloat},


@ -484,7 +484,7 @@ FetchUser(Handle:db, client)
}
}
SQL_QuoteString(db, name, safe_name, sizeof(safe_name));
SQL_EscapeString(db, name, safe_name, sizeof(safe_name));
/**
* Construct the query using the information the user gave us.


@ -235,8 +235,14 @@ native SQL_GetInsertId(Handle:hndl);
native bool:SQL_GetError(Handle:hndl, String:error[], maxlength);
/**
* Quotes a database string for literal insertion. This is not needed
* for binding strings in prepared statements.
* Escapes a database string for literal insertion. This is not needed
* for binding strings in prepared statements.
*
* Generally, database strings are inserted into queries enclosed in
* single quotes ('). If user input has a single quote in it, the
* quote needs to be escaped. This function ensures that any unsafe
* characters are safely escaped according to the database engine and
* the database's character set.
*
* @param hndl A database Handle.
* @param string String to quote.
@ -247,7 +253,24 @@ native bool:SQL_GetError(Handle:hndl, String:error[], maxlength);
* The buffer must be at least 2*strlen(string)+1.
* @error Invalid database or statement Handle.
*/
native bool:SQL_QuoteString(Handle:database, const String:string[], String:buffer[], maxlength, &written=0);
native bool:SQL_EscapeString(Handle:database,
const String:string[],
String:buffer[],
maxlength,
&written=0);
/**
* This is a backwards compatibility stock. You should use SQL_EscapeString()
* instead, as this function will probably be deprecated in SourceMod 1.1.
*/
stock bool:SQL_QuoteString(Handle:database,
const String:string[],
String:buffer[],
maxlength,
&written=0)
{
return SQL_EscapeString(database, string, buffer, maxlength, written);
}
/**
* Executes a query and ignores the result set.
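Review bot: The parameter documentation in the first hunk still describes the old name: `@param string String to quote.` follows the `@param hndl` line while the summary now reads "Escapes a database string"; it should become `@param string String to escape.` so the prose matches the renamed native. The new SQL_QuoteString stock in the second hunk states that it will probably be deprecated, but carries no `@param`/`@return` lines and no compiler-visible deprecation marker; if this toolchain's `#pragma deprecated` is available, placing it before the stock would warn plugin authors at compile time rather than relying on the comment alone. The stock forwards `written` by reference and returns SQL_EscapeString's result unchanged, so a one-line `@return` saying exactly that would make the wrapper self-documenting.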


@ -417,7 +417,7 @@ public Action:Command_SetAdminGroups(client, args)
decl String:identity[65];
decl String:safe_identity[140];
GetCmdArg(2, identity, sizeof(identity));
SQL_QuoteString(db, identity, safe_identity, sizeof(safe_identity));
SQL_EscapeString(db, identity, safe_identity, sizeof(safe_identity));
decl String:query[255];
Format(query,
@ -541,9 +541,9 @@ public Action:Command_DelGroup(client, args)
if (len > 1 && (name[0] == '"' && name[len-1] == '"'))
{
name[--len] = '\0';
SQL_QuoteString(db, name[1], safe_name, sizeof(safe_name));
SQL_EscapeString(db, name[1], safe_name, sizeof(safe_name));
} else {
SQL_QuoteString(db, name, safe_name, sizeof(safe_name));
SQL_EscapeString(db, name, safe_name, sizeof(safe_name));
}
decl String:query[256];
@ -632,7 +632,7 @@ public Action:Command_AddGroup(client, args)
decl String:name[64];
decl String:safe_name[64];
GetCmdArg(1, name, sizeof(name));
SQL_QuoteString(db, name, safe_name, sizeof(safe_name));
SQL_EscapeString(db, name, safe_name, sizeof(safe_name));
new Handle:hQuery;
decl String:query[256];
@ -655,7 +655,7 @@ public Action:Command_AddGroup(client, args)
decl String:flags[30];
decl String:safe_flags[64];
GetCmdArg(2, flags, sizeof(safe_flags));
SQL_QuoteString(db, flags, safe_flags, sizeof(safe_flags));
SQL_EscapeString(db, flags, safe_flags, sizeof(safe_flags));
Format(query,
sizeof(query),
@ -706,7 +706,7 @@ public Action:Command_DelAdmin(client, args)
decl String:identity[65];
decl String:safe_identity[140];
GetCmdArg(2, identity, sizeof(identity));
SQL_QuoteString(db, identity, safe_identity, sizeof(safe_identity));
SQL_EscapeString(db, identity, safe_identity, sizeof(safe_identity));
decl String:query[255];
Format(query,
@ -798,7 +798,7 @@ public Action:Command_AddAdmin(client, args)
return Plugin_Handled;
}
SQL_QuoteString(db, identity, safe_identity, sizeof(safe_identity));
SQL_EscapeString(db, identity, safe_identity, sizeof(safe_identity));
Format(query, sizeof(query), "SELECT id FROM sm_admins WHERE authtype = '%s' AND identity = '%s'", authtype, identity);
if ((hQuery = SQL_Query(db, query)) == INVALID_HANDLE)
@ -819,19 +819,19 @@ public Action:Command_AddAdmin(client, args)
decl String:alias[64];
decl String:safe_alias[140];
GetCmdArg(1, alias, sizeof(alias));
SQL_QuoteString(db, alias, safe_alias, sizeof(safe_alias));
SQL_EscapeString(db, alias, safe_alias, sizeof(safe_alias));
decl String:flags[30];
decl String:safe_flags[64];
GetCmdArg(4, flags, sizeof(flags));
SQL_QuoteString(db, flags, safe_flags, sizeof(safe_flags));
SQL_EscapeString(db, flags, safe_flags, sizeof(safe_flags));
decl String:password[32];
decl String:safe_password[80];
if (args > 4)
{
GetCmdArg(5, password, sizeof(password));
SQL_QuoteString(db, password, safe_password, sizeof(safe_password));
SQL_EscapeString(db, password, safe_password, sizeof(safe_password));
} else {
safe_password[0] = '\0';
}
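Review bot: In the hunk at `@ -798,7 +798,7`, the line directly after the escape call builds the query with the raw `identity` instead of `safe_identity`: `Format(query, sizeof(query), "SELECT id FROM sm_admins WHERE authtype = '%s' AND identity = '%s'", authtype, identity);`, so the escaped copy is computed and then never used in that SELECT; the last argument should be `safe_identity` (whether `authtype` is restricted to a fixed set is decided outside the hunk, so its escaping cannot be judged here). Two further problems are visible in this section: in the hunk at `@ -655`, `GetCmdArg(2, flags, sizeof(safe_flags));` passes the 64-byte destination's size for the 30-byte `flags` buffer, and in the hunk at `@ -632` a `safe_name[64]` cannot hold the `2*strlen(string)+1` bytes the escape contract in the include requires for a 64-byte `name`. Every SQL_EscapeString call in this section discards the bool return, so a failed or truncated escape still reaches the query; checking it and returning `Plugin_Handled` on failure would close that gap. The enclosing functions (`Command_AddGroup`, `Command_AddAdmin`) continue outside their hunks on both sides.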