amb1443 - SQL_QuoteString -> SQL_EscapeString

--HG-- extra : convert_revision : svn%3A39bc706e-5318-0410-9160-8a85361fbb7c/trunk%401880
2008-02-22 02:23:17 +00:00 · 2008-02-22 02:23:17 +00:00 · e4450610da
commit e4450610da
parent cf52d02803
4 changed files with 38 additions and 14 deletions
--- a/core/smn_database.cpp
+++ b/core/smn_database.cpp
@ -1271,6 +1271,7 @@ REGISTER_NATIVES(dbNatives)
 	{"SQL_CheckConfig",			SQL_CheckConfig},
 	{"SQL_Connect",				SQL_Connect},
 	{"SQL_ConnectEx",			SQL_ConnectEx},
 	{"SQL_EscapeString",		SQL_QuoteString},
 	{"SQL_Execute",				SQL_Execute},
 	{"SQL_FastQuery",			SQL_FastQuery},
 	{"SQL_FetchFloat",			SQL_FetchFloat},
--- a/plugins/admin-sql-threaded.sp
+++ b/plugins/admin-sql-threaded.sp
@ -484,7 +484,7 @@ FetchUser(Handle:db, client)
 		}
 	}
-	SQL_QuoteString(db, name, safe_name, sizeof(safe_name));
+	SQL_EscapeString(db, name, safe_name, sizeof(safe_name));
 	/**
 	 * Construct the query using the information the user gave us.
--- a/plugins/include/dbi.inc
+++ b/plugins/include/dbi.inc
@ -235,8 +235,14 @@ native SQL_GetInsertId(Handle:hndl);
 native bool:SQL_GetError(Handle:hndl, String:error[], maxlength);
 /**
- * Quotes a database string for literal insertion.  This is not needed
+ * Escapes a database string for literal insertion.  This is not needed
- * for binding strings in prepared statements.
+ * for binding strings in prepared statements.  
 *
 * Generally, database strings are inserted into queries enclosed in 
 * single quotes (').  If user input has a single quote in it, the 
 * quote needs to be escaped.  This function ensures that any unsafe 
 * characters are safely escaped according to the database engine and 
 * the database's character set.
 *
 * @param hndl			A database Handle.
 * @param string		String to quote.
@ -247,7 +253,24 @@ native bool:SQL_GetError(Handle:hndl, String:error[], maxlength);
 *						The buffer must be at least 2*strlen(string)+1.
 * @error				Invalid database or statement Handle.
 */
-native bool:SQL_QuoteString(Handle:database, const String:string[], String:buffer[], maxlength, &written=0);
+native bool:SQL_EscapeString(Handle:database, 
 							 const String:string[], 
 							 String:buffer[], 
 							 maxlength, 
 							 &written=0);
 /**
 * This is a backwards compatibility stock.  You should use SQL_EscapeString() 
 * instead, as this function will probably be deprecated in SourceMod 1.1.
 */
 stock bool:SQL_QuoteString(Handle:database,
 						   const String:string[],
 						   String:buffer[],
 						   maxlength,
 						   &written=0)
 {
 	return SQL_EscapeString(database, string, buffer, maxlength, written);
 }
 /**
 * Executes a query and ignores the result set.
--- a/plugins/sql-admin-manager.sp
+++ b/plugins/sql-admin-manager.sp
@ -417,7 +417,7 @@ public Action:Command_SetAdminGroups(client, args)
 	decl String:identity[65];
 	decl String:safe_identity[140];
 	GetCmdArg(2, identity, sizeof(identity));
-	SQL_QuoteString(db, identity, safe_identity, sizeof(safe_identity));
+	SQL_EscapeString(db, identity, safe_identity, sizeof(safe_identity));
 	decl String:query[255];
 	Format(query, 
@ -541,9 +541,9 @@ public Action:Command_DelGroup(client, args)
 	if (len > 1 && (name[0] == '"' && name[len-1] == '"'))
 	{
 		name[--len] = '\0';
-		SQL_QuoteString(db, name[1], safe_name, sizeof(safe_name));
+		SQL_EscapeString(db, name[1], safe_name, sizeof(safe_name));
 	} else {
-		SQL_QuoteString(db, name, safe_name, sizeof(safe_name));
+		SQL_EscapeString(db, name, safe_name, sizeof(safe_name));
 	}
 	decl String:query[256];
@ -632,7 +632,7 @@ public Action:Command_AddGroup(client, args)
 	decl String:name[64];
 	decl String:safe_name[64];
 	GetCmdArg(1, name, sizeof(name));
-	SQL_QuoteString(db, name, safe_name, sizeof(safe_name));
+	SQL_EscapeString(db, name, safe_name, sizeof(safe_name));
 	new Handle:hQuery;
 	decl String:query[256];
@ -655,7 +655,7 @@ public Action:Command_AddGroup(client, args)
 	decl String:flags[30];
 	decl String:safe_flags[64];
 	GetCmdArg(2, flags, sizeof(safe_flags));
-	SQL_QuoteString(db, flags, safe_flags, sizeof(safe_flags));
+	SQL_EscapeString(db, flags, safe_flags, sizeof(safe_flags));
 	Format(query, 
 		sizeof(query),
@ -706,7 +706,7 @@ public Action:Command_DelAdmin(client, args)
 	decl String:identity[65];
 	decl String:safe_identity[140];
 	GetCmdArg(2, identity, sizeof(identity));
-	SQL_QuoteString(db, identity, safe_identity, sizeof(safe_identity));
+	SQL_EscapeString(db, identity, safe_identity, sizeof(safe_identity));
 	decl String:query[255];
 	Format(query, 
@ -798,7 +798,7 @@ public Action:Command_AddAdmin(client, args)
 		return Plugin_Handled;
 	}
-	SQL_QuoteString(db, identity, safe_identity, sizeof(safe_identity));
+	SQL_EscapeString(db, identity, safe_identity, sizeof(safe_identity));
 	Format(query, sizeof(query), "SELECT id FROM sm_admins WHERE authtype = '%s' AND identity = '%s'", authtype, identity);
 	if ((hQuery = SQL_Query(db, query)) == INVALID_HANDLE)
@ -819,19 +819,19 @@ public Action:Command_AddAdmin(client, args)
 	decl String:alias[64];
 	decl String:safe_alias[140];
 	GetCmdArg(1, alias, sizeof(alias));
-	SQL_QuoteString(db, alias, safe_alias, sizeof(safe_alias));
+	SQL_EscapeString(db, alias, safe_alias, sizeof(safe_alias));
 	decl String:flags[30];
 	decl String:safe_flags[64];
 	GetCmdArg(4, flags, sizeof(flags));
-	SQL_QuoteString(db, flags, safe_flags, sizeof(safe_flags));
+	SQL_EscapeString(db, flags, safe_flags, sizeof(safe_flags));
 	decl String:password[32];
 	decl String:safe_password[80];
 	if (args > 4)
 	{
 		GetCmdArg(5, password, sizeof(password));
-		SQL_QuoteString(db, password, safe_password, sizeof(safe_password));
+		SQL_EscapeString(db, password, safe_password, sizeof(safe_password));
 	} else {
 		safe_password[0] = '\0';
 	}