(sql_escape_string): Escape backslashes.
Showing
1 changed file
with
3 additions
and
2 deletions
... | @@ -72,10 +72,11 @@ sql_escape_string (const char *ustr) | ... | @@ -72,10 +72,11 @@ sql_escape_string (const char *ustr) |
72 | char *str, *q; | 72 | char *str, *q; |
73 | const unsigned char *p; | 73 | const unsigned char *p; |
74 | size_t len = strlen (ustr); | 74 | size_t len = strlen (ustr); |
75 | #define ESCAPABLE_CHAR "\\'\"" | ||
75 | 76 | ||
76 | for (p = (const unsigned char *) ustr; *p; p++) | 77 | for (p = (const unsigned char *) ustr; *p; p++) |
77 | { | 78 | { |
78 | if (strchr ("'\"", *p)) | 79 | if (strchr (ESCAPABLE_CHAR, *p)) |
79 | len++; | 80 | len++; |
80 | } | 81 | } |
81 | 82 | ||
... | @@ -85,7 +86,7 @@ sql_escape_string (const char *ustr) | ... | @@ -85,7 +86,7 @@ sql_escape_string (const char *ustr) |
85 | 86 | ||
86 | for (p = (const unsigned char *) ustr, q = str; *p; p++) | 87 | for (p = (const unsigned char *) ustr, q = str; *p; p++) |
87 | { | 88 | { |
88 | if (strchr ("'\"", *p)) | 89 | if (strchr (ESCAPABLE_CHAR, *p)) |
89 | *q++ = '\\'; | 90 | *q++ = '\\'; |
90 | *q++ = *p; | 91 | *q++ = *p; |
91 | } | 92 | } | ... | ... |
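Review bot: The escape set in `ESCAPABLE_CHAR` (new line 75) hard-codes backslash-style escaping, which is only correct when the server treats `\` as an escape character inside string literals; that depends on the database and its mode, and nothing visible here records which backend this function targets. Both loops (new lines 77-81 and 87-92) also work byte by byte, so in a multibyte connection encoding whose trailing bytes can equal `\` or `'` they could escape the middle of a character; I cannot tell from these hunks whether such encodings reach this code. I would at least record the assumption next to the macro, e.g. `/* Bytes that get a backslash prefix; assumes the server honours backslash escapes and the encoding is single-byte or UTF-8. */`, and prefer the client library's own escaping routine or bound parameters wherever the callers allow it. Separately, the `#define` sits inside the function body and no `#undef` is visible, so the name stays defined for the rest of the file; `static const char escapable[] = "\\'\"";` would keep it scoped to the function. The body of sql_escape_string starts before the first hunk and continues past the second, so the allocation between the two loops is not reviewed here.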