
fix quote, escape single quote only

commit af3d43072c65509682686de94a6405c765da0bd0 1 parent 8ae48dd
Gasol Wu authored
Showing with 36 additions and 14 deletions.
  1. +36 −14 cassandra_driver.cpp
50 cassandra_driver.cpp
@@ -445,19 +445,41 @@ static long pdo_cassandra_handle_execute(pdo_dbh_t *dbh, const char *sql, long s
*/
static int pdo_cassandra_handle_quote(pdo_dbh_t *dbh, const char *unquoted, int unquotedlen, char **quoted, int *quotedlen, enum pdo_param_type paramtype TSRMLS_DC)
{
- char *escaped;
- int new_length;
-
- // const_cast should be fine here, php_addslashes shouldn't modify the data
- escaped = php_addslashes(const_cast <char *>(unquoted), unquotedlen, &new_length, 0 TSRMLS_CC);
-
- if (!escaped) {
- return 0;
- }
-
- *quotedlen = spprintf(quoted, 0, "'%s'", escaped);
- efree(escaped);
- return 1;
+ switch (PDO_PARAM_TYPE(paramtype)) {
+ case PDO_PARAM_INT:
+ long lval;
+ double dval;
+ switch (is_numeric_string(unquoted, unquotedlen, &lval, &dval, 0)) {
+ case IS_LONG:
+ *quoted = estrdup(unquoted);
+ *quotedlen = unquotedlen;
+ return 1;
+ case IS_DOUBLE:
+ default:
+ return 0;
+ }
+ break;
+ case PDO_PARAM_BOOL:
+ // XXX: never called so far, because pdo treat PDO_PARAM_BOOL as PDO_PARAM_STR
+ // TODO: consider to handle PDO::PARAM_BOOL
+ case PDO_PARAM_STR:
+ default:
+ char *escaped;
+ int new_length;
+ int replace_count;
+
+ // const_cast should be fine here, php_str_to_str_ex shouldn't modify the data
+ escaped = php_str_to_str_ex(const_cast <char *>(unquoted), unquotedlen, "'", 1, "''", 2, &new_length, 1, &replace_count);
+
+ if (!escaped) {
+ return 0;
+ }
+
+ *quotedlen = spprintf(quoted, 0, "'%s'", escaped);
+ efree(escaped);
+ return 1;
+ break;
+ }
}
/* }}} */
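Review bot: The `IS_LONG` branch of the `PDO_PARAM_INT` case copies the caller's bytes into the statement unquoted (`*quoted = estrdup(unquoted);`), so what reaches Cassandra is whatever `is_numeric_string()` accepts rather than a canonical integer. That grammar allows leading whitespace and, on some PHP versions (to be confirmed for the versions this driver targets), hex notation; `estrdup()` also measures the string with `strlen()` while `*quotedlen` is taken from `unquotedlen`. Emitting the parsed value instead keeps the unquoted path to a sign and digits only: `*quotedlen = spprintf(quoted, 0, "%ld", lval);`. In the string branch, `new_length` is computed but never used and the `"'%s'"` format stops at the first NUL byte, so a value with an embedded NUL would be silently truncated; either build the result from `new_length` or add a comment stating that limitation.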
@@ -693,4 +715,4 @@ zend_module_entry pdo_cassandra_module_entry = {
#if defined(COMPILE_DL_PDO_CASSANDRA)
ZEND_GET_MODULE(pdo_cassandra)
-#endif
+#endif