(sql_escape_string): Escape backslashes.

Sergey Poznyakoff
Commit 0a1f6ac7 ... 0a1f6ac7e8567490012820d6c4b62c006909bb53 authored 2005-05-19 08:23:46 +0000 by Sergey Poznyakoff
Showing 1 changed file with 3 additions and 2 deletions
auth/sql.c
--- a/auth/sql.c
View file @0a1f6ac
+++ b/auth/sql.c
View file @0a1f6ac
@@ -72,10 +72,11 @@ sql_escape_string (const char *ustr)
  char *str, *q;
  const unsigned char *p;
  size_t len = strlen (ustr);
+#define ESCAPABLE_CHAR "\\'\""
  
  for (p = (const unsigned char *) ustr; *p; p++)
    {
-      if (strchr ("'\"", *p))
+      if (strchr (ESCAPABLE_CHAR, *p))
 	len++;
    }

@@ -85,7 +86,7 @@ sql_escape_string (const char *ustr)

  for (p = (const unsigned char *) ustr, q = str; *p; p++)
    {
-      if (strchr ("'\"", *p))
+      if (strchr (ESCAPABLE_CHAR, *p))
 	*q++ = '\\';
      *q++ = *p;
    }