Merge pull request #5 from Gasol/develop

fix PDO::quote
mkoppanen · Dec 30, 2011 · 7debd5b · 7debd5b
2 parents 8ae48dd + dcab08c
commit 7debd5b
Show file tree

Hide file tree

Showing 2 changed files with 55 additions and 21 deletions.
diff --git a/cassandra_driver.cpp b/cassandra_driver.cpp
@@ -445,19 +445,41 @@ static long pdo_cassandra_handle_execute(pdo_dbh_t *dbh, const char *sql, long s
 */
 static int pdo_cassandra_handle_quote(pdo_dbh_t *dbh, const char *unquoted, int unquotedlen, char **quoted, int *quotedlen, enum pdo_param_type paramtype TSRMLS_DC)
 {
-	char *escaped;
-	int new_length;
-
-	// const_cast should be fine here, php_addslashes shouldn't modify the data
-	escaped = php_addslashes(const_cast <char *>(unquoted), unquotedlen, &new_length, 0 TSRMLS_CC);
-
-	if (!escaped) {
-		return 0;
-	}
-
-	*quotedlen = spprintf(quoted, 0, "'%s'", escaped);
-	efree(escaped);
-	return 1;
+    switch (PDO_PARAM_TYPE(paramtype)) {
+        case PDO_PARAM_INT:
+            long lval;
+            double dval;
+            switch (is_numeric_string(unquoted, unquotedlen, &lval, &dval, 0)) {
+                case IS_LONG:
+                    *quoted = estrdup(unquoted);
+                    *quotedlen = unquotedlen;
+                    return 1;
+                case IS_DOUBLE:
+                default:
+                    return 0;
+            }
+            break;
+        case PDO_PARAM_BOOL:
+            // XXX: never called so far, because pdo treat PDO_PARAM_BOOL as PDO_PARAM_STR
+            // TODO: consider to handle PDO::PARAM_BOOL
+        case PDO_PARAM_STR:
+        default:
+            char *escaped;
+            int new_length;
+            int replace_count;
+
+            // const_cast should be fine here, php_str_to_str_ex shouldn't modify the data
+            escaped = php_str_to_str_ex(const_cast <char *>(unquoted), unquotedlen, "'", 1, "''", 2, &new_length, 1, &replace_count);
+
+            if (!escaped) {
+                return 0;
+            }
+
+            *quotedlen = spprintf(quoted, 0, "'%s'", escaped);
+            efree(escaped);
+            return 1;
+            break;
+    }
 }
 /* }}} */
 
@@ -693,4 +715,4 @@ zend_module_entry pdo_cassandra_module_entry = {
 
 #if defined(COMPILE_DL_PDO_CASSANDRA)
 ZEND_GET_MODULE(pdo_cassandra)
-#endif
+#endif
diff --git a/tests/012-quoter.phpt b/tests/012-quoter.phpt
@@ -8,17 +8,29 @@ Test quoting values
 require_once(dirname(__FILE__) . '/config.inc');
 
 $db = new PDO($dsn);
+
 var_dump ($db->quote ("'hello' 'world'"));
 var_dump ($db->quote ("Co'mpl''ex \"st'\"ring"));
-var_dump ($db->quote ("'''''''''", PDO::PARAM_LOB));
 var_dump ($db->quote ("test " . chr(0) . " value"));
-
+var_dump ($db->quote ("return false", PDO::PARAM_INT));
+var_dump ($db->quote (1234, PDO::PARAM_INT));
+var_dump ($db->quote ("4321", PDO::PARAM_INT)); // string represents an integer should be fine
+var_dump ($db->quote ("'''''''''", PDO::PARAM_LOB));
+var_dump ($db->quote ('true'));
+var_dump ($db->quote ('false'));
+//var_dump ($db->quote (true, PDO::PARAM_BOOL)); // broken
+//var_dump ($db->quote (false, PDO::PARAM_BOOL));
 
 echo "OK";
 ?>
 --EXPECT--
-string(21) "'\'hello\' \'world\''"
-string(28) "'Co\'mpl\'\'ex \"st\'\"ring'"
-string(20) "'\'\'\'\'\'\'\'\'\''"
-string(15) "'test \0 value'"
-OK
+string(21) "'''hello'' ''world'''"
+string(26) "'Co''mpl''''ex "st''"ring'"
+string(7) "'test '"
+bool(false)
+string(4) "1234"
+string(4) "4321"
+string(20) "''''''''''''''''''''"
+string(6) "'true'"
+string(7) "'false'"
+OK