[PATCH] dlr_mysql.c - Table name fix

Fri, 09 Oct 2009 06:23:00 -0700 

Hi all,

Here is a patch that escape table names from mysql specs.
This will fix the SQL syntax error.

Simple POC (set your mysql conf as this)
group = dlr-db
id = mydlr
table = SELECT

You will get : ERROR 1064 (42000): You have an error in your SQL syntax;

Vincent

--
Telemaque - 06560 SOPHIA-ANTIPOLIS - (FR)
Service Technique/Reseau - NOC
Direction du Developpement xMS+
http://www.telemaque.fr/
v.chava...@telemaque.fr
Tel : +33 4 92 90 99 84 (fax 9142)

--- dlr_mysql.c 2009-09-04 09:59:31.000000000 +0200
+++ dlr_mysql.c 2009-10-09 15:02:03.032683139 +0200
@@ -103,7 +103,7 @@
         return;
     }
 
-    sql = octstr_format("INSERT INTO %S (%S, %S, %S, %S, %S, %S, %S, %S, %S) 
VALUES "
+    sql = octstr_format("INSERT INTO `%S` (`%S`, `%S`, `%S`, `%S`, `%S`, `%S`, 
`%S`, `%S`, `%S`) VALUES "
                         "(?, ?, ?, ?, ?, ?, ?, ?, 0)",
                         fields->table, fields->field_smsc, fields->field_ts,
                         fields->field_src, fields->field_dst, 
fields->field_serv,
@@ -144,7 +144,7 @@
     if (pconn == NULL) /* should not happens, but sure is sure */
         return NULL;
 
-    sql = octstr_format("SELECT %S, %S, %S, %S, %S, %S FROM %S WHERE %S=? AND 
%S=? LIMIT 1",
+    sql = octstr_format("SELECT `%S`, `%S`, `%S`, `%S`, `%S`, `%S` FROM `%S` 
WHERE `%S`=? AND `%S`=? LIMIT 1",
                         fields->field_mask, fields->field_serv,
                         fields->field_url, fields->field_src,
                         fields->field_dst, fields->field_boxc,
@@ -202,7 +202,7 @@
     if (pconn == NULL)
         return;
 
-    sql = octstr_format("DELETE FROM %S WHERE %S=? AND %S=? LIMIT 1",
+    sql = octstr_format("DELETE FROM `%S` WHERE `%S`=? AND `%S`=? LIMIT 1",
                         fields->table, fields->field_smsc,
                         fields->field_ts);
 
@@ -234,7 +234,7 @@
     if (pconn == NULL)
         return;
 
-    sql = octstr_format("UPDATE %S SET %S=? WHERE %S=? AND %S=? LIMIT 1",
+    sql = octstr_format("UPDATE `%S` SET `%S`=? WHERE `%S`=? AND `%S`=? LIMIT 
1",
                         fields->table, fields->field_status,
                         fields->field_smsc, fields->field_ts);
 
@@ -267,7 +267,7 @@
     if (conn == NULL)
         return -1;
 
-    sql = octstr_format("SELECT count(*) FROM %S", fields->table);
+    sql = octstr_format("SELECT count(*) FROM `%S`", fields->table);
 #if defined(DLR_TRACE)
     debug("dlr.mysql", 0, "sql: %s", octstr_get_cstr(sql));
 #endif
@@ -301,7 +301,7 @@
     if (pconn == NULL)
         return;
 
-    sql = octstr_format("DELETE FROM %S", fields->table);
+    sql = octstr_format("DELETE FROM `%S`", fields->table);
 #if defined(DLR_TRACE)
     debug("dlr.mysql", 0, "sql: %s", octstr_get_cstr(sql));
 #endif

Reply via email to