Changeset 970


Timestamp:
12/30/05 14:20:53 (9 years ago)
Author:
jtv
Message:

Escape strings before using them in SQL

File:
1 edited

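--- a/trunk/test/test085.cxx
+++ b/trunk/test/test085.cxx
@@ -27,5 +27,5 @@
 
 
-string stringize(const string &arg) { return "'" + arg + "'"; }
+string stringize(const string &arg) { return "'" + sqlesc(arg) + "'"; }
 string stringize(const char arg[]) {return arg?stringize(string(arg)):"null";}
 string stringize(char arg[]) {return arg?stringize(string(arg)):"null";}
@@ -35,6 +35,6 @@
 // but it should do for just this test.  The main shortcomings are escaping,
 // and not knowing when to quote the variables.
-// Note we need to do the replacement backwards (meaning forward_only
-// iterators won't do!) to avoid substituting "$12" as "$1" first.
+// Note we do the replacement backwards (meaning forward_only iterators won't
+// do!) to avoid substituting e.g. "$12" as "$1" first.
 template<typename ITER> string subst(string q, ITER patbegin, ITER patend)
 {
@@ -42,5 +42,6 @@
   for (ITER arg = --patend; i > 0; --arg, --i)
   {
-    const string marker = "$" + to_string(i), var = stringize(*arg);
+    const string marker = "$" + to_string(i),
+          var = stringize(*arg);
     const string::size_type msz = marker.size();
     while (q.find(marker) != string::npos) q.replace(q.find(marker),msz,var);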
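Review bot: The replacement loop `while (q.find(marker) != string::npos) q.replace(q.find(marker),msz,var);` searches the whole of `q` again after every replacement, including text that was just inserted, so the `sqlesc()` call added in `stringize` does not fully protect the substituted query. A value that contains its own marker never lets the loop terminate, and a value that contains a lower-numbered marker such as `$1` has a second quoted literal spliced into the middle of its own quoted literal on a later pass of the outer `for`. Resuming the search after the inserted text fixes the first case: `for (string::size_type p = q.find(marker); p != string::npos; p = q.find(marker, p + var.size())) q.replace(p, msz, var);`. The second case needs the query to be scanned once, left to right, so that inserted values are never searched again; the body of `subst` begins and ends outside the visible hunks, so that rewrite is described here rather than shown.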