Bugfix: Use '' instead of \' to escape single quotes in SQL

[gnucomo.git] / src / gcm_input / string_utils.cpp

diff --git a/src/gcm_input/string_utils.cpp b/src/gcm_input/string_utils.cpp
index 56010a1..90a4efd 100644 (file)
--- a/src/gcm_input/string_utils.cpp
+++ b/src/gcm_input/string_utils.cpp
@@ -8,7 +8,7 @@
 ***********************
 **      FILE NAME      : string_utils.cpp
 **      SYSTEM NAME    : Gnucomo - Gnu Computer Monitoring
-**      VERSION NUMBER : $Revision: 1.1 $
+**      VERSION NUMBER : $Revision: 1.3 $
 **
 **  DESCRIPTION      :  Utility functions for Strings
 **
@@ -20,20 +20,26 @@
 ********************************
 **      ORIGINAL AUTHOR : Arjen Baart - arjen@andromeda.nl
 **      CREATION DATE   : Jul 31, 2003
-**      LAST UPDATE     : Jul 31, 2003
+**      LAST UPDATE     : Mar 14, 2015
 **      MODIFICATIONS   : 
 **************************************************************************/
 
 /*****************************
    $Log: string_utils.cpp,v $
-   Revision 1.1  2003-08-05 08:15:01  arjen
+   Revision 1.3  2003-12-04 09:57:35  arjen
+   Transform non-ASCII characters into hexadecimal entities.
+
+   Revision 1.2  2003/10/27 11:26:43  arjen
+   Backslashes are correctly escaped with another backslash
+
+   Revision 1.1  2003/08/05 08:15:01  arjen
    Debug output to the log stream instead of cerr.
    Fixed namespace problems in XPath searches of the DOM.
    Moved string utility functions to a separate file.
 
 *****************************/
 
-static const char *RCSID = "$Id: string_utils.cpp,v 1.1 2003-08-05 08:15:01 arjen Exp $";
+static const char *RCSID = "$Id: string_utils.cpp,v 1.3 2003-12-04 09:57:35 arjen Exp $";
 
 #include <AXE/String.h>
 
@@ -43,13 +49,13 @@ static const char *RCSID = "$Id: string_utils.cpp,v 1.1 2003-08-05 08:15:01 arje
 **  PARAMETERS     : 
 **  RETURN VALUE   : 
 **
-**  DESCRIPTION    : Insert backslashes before single quotes.
+**  DESCRIPTION    : Double backslashes and single quotes as per SQL syntax.
 **
 **  VARS USED      :
 **  VARS CHANGED   :
 **  FUNCTIONS USED :
 **  SEE ALSO       :
-**  LAST MODIFIED  : 
+**  LAST MODIFIED  : Mar 14, 2015
 **=========================================================================
 */
 
@@ -59,11 +65,16 @@ String SQL_Escape(String s)
 
    for (i = 0; i < ~s; i++)
    {
-      if (s[i] == '\'')
+      if (s[i] == '\\')
       {
          s(i,0) = "\\";
          i++;
       }
+      if (s[i] == '\'')
+      {
+         s(i,0) = "'";
+         i++;
+      }
    }
 
    return s;
@@ -79,12 +90,14 @@ String SQL_Escape(String s)
 **                          "<"  =>   "&lt;"
 **                          ">"  =>   "&gt;"
 **                          "&"  =>   "&amp;"
+**                   Any non-ASCII characters or ASCII control codes are transformed
+**                   into hexadecimal entities.
 **
 **  VARS USED      :
 **  VARS CHANGED   :
 **  FUNCTIONS USED :
 **  SEE ALSO       :
-**  LAST MODIFIED  : 
+**  LAST MODIFIED  : Nov 30, 2003
 **=========================================================================
 */
 
@@ -108,6 +121,25 @@ String XML_Entities(String s)
          s(i,1) = "&gt;";
          i++;
          break;
+      default:
+         if ((s[i] & 0x80) != 0)
+         {
+            // Construct a hexadecimal entity
+            const char hexdigit[] = "0123456789abcdef";
+            char  entity[] = "&#x..;";
+
+            entity[3] = hexdigit[(s[i] >> 4) & 0x0F];
+            entity[4] = hexdigit[ s[i]       & 0x0F];
+
+            s(i,1) = entity;
+            i++;
+         }
+         else if (s[i] < ' ' && s[i] != '\t' && s[i] != '\r')
+         {
+            std::cerr << "WARNING: discarding illegal character " << int(s[i]) << "\n";
+            s(i,1) = "";
+            i++;
+         }
       }
    }