[tracker/wip/carlosg/fix-sql-escaping] libtracker-data: Escape the correct character for SQL strings
- From: Carlos Garnacho <carlosg src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [tracker/wip/carlosg/fix-sql-escaping] libtracker-data: Escape the correct character for SQL strings
- Date: Sun, 3 May 2020 14:14:53 +0000 (UTC)
commit c2537ddbd137ef0f2c4bebc5c00cac36229b781e
Author: Carlos Garnacho <carlosg gnome org>
Date: Sun May 3 16:12:03 2020 +0200
libtracker-data: Escape the correct character for SQL strings
We must escape the correct ' or " character for SQL strings, mismatches
results in the character being doubly printed. Pass the escape character
as an argument to the escaping function, and use " in all places, as it
is the convention.
Fixes: https://gitlab.gnome.org/GNOME/tracker/-/issues/198
src/libtracker-data/tracker-sparql.c | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)
---
diff --git a/src/libtracker-data/tracker-sparql.c b/src/libtracker-data/tracker-sparql.c
index 04e2a6549..111306033 100644
--- a/src/libtracker-data/tracker-sparql.c
+++ b/src/libtracker-data/tracker-sparql.c
@@ -468,7 +468,8 @@ _append_placeholder (TrackerSparql *sparql)
}
static inline gchar *
-_escape_sql_string (const gchar *str)
+_escape_sql_string (const gchar *str,
+ gchar ch)
{
int i, j, len;
gchar *copy;
@@ -478,8 +479,8 @@ _escape_sql_string (const gchar *str)
i = j = 0;
while (i < len) {
- if (str[i] == '\'') {
- copy[j] = '\'';
+ if (str[i] == ch) {
+ copy[j] = ch;
j++;
}
@@ -519,7 +520,7 @@ _append_literal_sql (TrackerSparql *sparql,
switch (TRACKER_BINDING (binding)->data_type) {
case TRACKER_PROPERTY_TYPE_DATE:
full_str = g_strdup_printf ("%sT00:00:00Z", binding->literal);
- escaped = _escape_sql_string (full_str);
+ escaped = _escape_sql_string (full_str, '"');
_append_string (sparql, escaped);
g_free (escaped);
g_free (full_str);
@@ -528,7 +529,7 @@ _append_literal_sql (TrackerSparql *sparql,
case TRACKER_PROPERTY_TYPE_STRING:
case TRACKER_PROPERTY_TYPE_LANGSTRING:
case TRACKER_PROPERTY_TYPE_RESOURCE:
- escaped = _escape_sql_string (binding->literal);
+ escaped = _escape_sql_string (binding->literal, '"');
_append_string (sparql, escaped);
g_free (escaped);
break;
@@ -4662,7 +4663,7 @@ translate_ServiceGraphPattern (TrackerSparql *sparql,
tracker_parser_node_get_extents (pattern, &pattern_start, &pattern_end);
pattern_str = g_strndup (&sparql->sparql[pattern_start], pattern_end - pattern_start);
- escaped_str = _escape_sql_string (pattern_str);
+ escaped_str = _escape_sql_string (pattern_str, '"');
g_string_append (service_sparql, escaped_str);
g_free (pattern_str);
g_free (escaped_str);
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]