[nemiver] Escape strings saved in sessions (Closes: #579569)
- From: Dodji Seketeli <dodji src gnome org>
- To: svn-commits-list gnome org
- Cc:
- Subject: [nemiver] Escape strings saved in sessions (Closes: #579569)
- Date: Sun, 22 Nov 2009 21:22:03 +0000 (UTC)
commit be6d3670d3be5d4e26a61311fe82225afc4c7822
Author: Dodji Seketeli <dodji redhat com>
Date: Sun Nov 22 22:16:45 2009 +0100
Escape strings saved in sessions (Closes: #579569)
* src/common/nmv-sql-statement.cc (SQLStatement::escape_string):
Overhaul.
* src/persp/dbgperspective/nmv-sess-mgr.cc (SessMgr::store_session):
Use SQLStatement::escape_string to escape sub-strings to build sql
requests.
src/common/nmv-sql-statement.cc | 33 +++++++++++++++++++++++++----
src/persp/dbgperspective/nmv-sess-mgr.cc | 22 ++++++++++---------
2 files changed, 40 insertions(+), 15 deletions(-)
---
diff --git a/src/common/nmv-sql-statement.cc b/src/common/nmv-sql-statement.cc
index 9412ba1..4309ebb 100644
--- a/src/common/nmv-sql-statement.cc
+++ b/src/common/nmv-sql-statement.cc
@@ -45,16 +45,39 @@ SQLStatement::to_string () const
return m_priv->sql_string;
}
+/// Escape a string by making sure all the lone '\'' in the string are
+/// escaped properly by a string "''".
+/// If given a string that is already escaped, this function should do the
+/// right thing.
+/// \param a_sql_string the string to escape
+/// \return the escaped string.
common::UString
SQLStatement::escape_string (const common::UString &a_sql_string)
{
UString out_string;
- unsigned int i (0);
- for (i = 0; i != a_sql_string.length () ; ++i ) {
- out_string.append (1,a_sql_string[i]);
- if (a_sql_string[i] == '\'') {
- out_string.append (1,a_sql_string[i]);
+ unsigned i = 0;
+ char c;
+ while (i < a_sql_string.raw ().length ()) {
+ c = a_sql_string.raw ()[i];
+ if (c == '\'') {
+ if (i + 1 < a_sql_string.raw ().length ()
+ && a_sql_string.raw ()[i + 1] == '\'') {
+ // This character '\'' precedes another '\'' character.
+ // It means the next '\'' is escaped. We don't need to
+ // escape anything, just insert the string "''".
+ i += 2;
+ } else {
+ // This '\'' character is not followed by a '\''. So we
+ // must escape this by "''". Yes in sql, a '\'' is escaped
+ // by the string "''".
+ ++i;
+ }
+ out_string.append ("''");
+ continue;
+ } else {
+ out_string.append (1, c);
}
+ ++i;
}
return out_string;
}
diff --git a/src/persp/dbgperspective/nmv-sess-mgr.cc b/src/persp/dbgperspective/nmv-sess-mgr.cc
index 38f8297..dd236c5 100644
--- a/src/persp/dbgperspective/nmv-sess-mgr.cc
+++ b/src/persp/dbgperspective/nmv-sess-mgr.cc
@@ -300,8 +300,8 @@ SessMgr::store_session (Session &a_session,
++prop_iter) {
query = "insert into attributes values(NULL, "
+ UString::from_int (a_session.session_id ()) + ", '"
- + prop_iter->first + "', '"
- + prop_iter->second
+ + SQLStatement::escape_string (prop_iter->first) + "', '"
+ + SQLStatement::escape_string (prop_iter->second)
+ "')";
LOG_DD ("query: " << query);
THROW_IF_FAIL
@@ -319,8 +319,8 @@ SessMgr::store_session (Session &a_session,
++var_iter) {
query = "insert into env_variables values(NULL, "
+ UString::from_int (a_session.session_id ()) + ", '"
- + var_iter->first + "', '"
- + var_iter->second
+ + SQLStatement::escape_string (var_iter->first) + "', '"
+ + SQLStatement::escape_string (var_iter->second)
+ "')";
LOG_DD ("query: " << query);
THROW_IF_FAIL
@@ -341,11 +341,13 @@ SessMgr::store_session (Session &a_session,
condition.chomp ();
query = "insert into breakpoints values(NULL, "
+ UString::from_int (a_session.session_id ()) + ", '"
- + break_iter->file_name () + "', '"
- + break_iter->file_full_name () + "', "
+ + SQLStatement::escape_string
+ (break_iter->file_name ()) + "', '"
+ + SQLStatement::escape_string
+ (break_iter->file_full_name ()) + "', "
+ UString::from_int (break_iter->line_number ()) + ", "
+ UString::from_int (break_iter->enabled ()) + ", "
- + "'" + condition + "'" + ", "
+ + "'" + SQLStatement::escape_string (condition) + "'" + ", "
+ UString::from_int (break_iter->ignore_count ())
+ ")";
LOG_DD ("query: " << query);
@@ -367,7 +369,7 @@ SessMgr::store_session (Session &a_session,
expression.chomp ();
query = "insert into watchpoints values(NULL, "
+ UString::from_int (a_session.session_id ()) + ", '"
- + expression + "', "
+ + SQLStatement::escape_string (expression) + "', "
+ UString::from_int (watch_iter->is_read ()) + ", "
+ UString::from_int (watch_iter->is_write ())
+ ")";
@@ -387,7 +389,7 @@ SessMgr::store_session (Session &a_session,
++ofile_iter) {
query = "insert into openedfiles values(NULL, "
+ UString::from_int (a_session.session_id ()) + ", '"
- + *ofile_iter
+ + SQLStatement::escape_string (*ofile_iter)
+ "')";
LOG_DD ("query: " << query);
THROW_IF_FAIL
@@ -405,7 +407,7 @@ SessMgr::store_session (Session &a_session,
++path_iter) {
query = "insert into searchpaths values(NULL, "
+ UString::from_int (a_session.session_id ()) + ", '"
- + *path_iter
+ + SQLStatement::escape_string (*path_iter)
+ "')";
LOG_DD ("query: " << query);
THROW_IF_FAIL
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
