clones/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-09-21 18:07:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

Support NO_BACKSLASH_ESCAPES with newer libmysqlclient

Browse Source 
Requires the use of mysql_real_escape_string_quote().
This commit is contained in:
Nikita Popov 2020-09-18 10:29:28 +02:00
parent 77f43e48ff
commit 70cba36fc9
2 changed files with 13 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
ext/mysqli/mysqli_api.c
View File

@ -1954,6 +1954,11 @@ PHP_FUNCTION(mysqli_real_query)
}
/* }}} */
#if defined(PDO_USE_MYSQLND) || MYSQL_VERSION_ID < 50707 || defined(MARIADB_BASE_VERSION)
# define mysql_real_escape_string_quote(mysql, to, from, length, quote) \
mysql_real_escape_string(mysql, to, from, length)
#endif
/* {{{ proto string mysqli_real_escape_string(object link, string escapestr)
Escapes special characters in a string for use in a SQL statement, taking into account the current charset of the connection */
PHP_FUNCTION(mysqli_real_escape_string) {
@ -1969,7 +1974,7 @@ PHP_FUNCTION(mysqli_real_escape_string) {
MYSQLI_FETCH_RESOURCE_CONN(mysql, mysql_link, MYSQLI_STATUS_VALID);
newstr = zend_string_alloc(2 * escapestr_len, 0);
ZSTR_LEN(newstr) = mysql_real_escape_string(mysql->mysql, ZSTR_VAL(newstr), escapestr, escapestr_len);
ZSTR_LEN(newstr) = mysql_real_escape_string_quote(mysql->mysql, ZSTR_VAL(newstr), escapestr, escapestr_len, '\'');
newstr = zend_string_truncate(newstr, ZSTR_LEN(newstr), 0);
RETURN_NEW_STR(newstr);

9
ext/pdo_mysql/mysql_driver.c
View File

@ -293,6 +293,11 @@ static char *pdo_mysql_last_insert_id(pdo_dbh_t *dbh, const char *name, size_t *
}
/* }}} */
#if defined(PDO_USE_MYSQLND) || MYSQL_VERSION_ID < 50707 || defined(MARIADB_BASE_VERSION)
# define mysql_real_escape_string_quote(mysql, to, from, length, quote) \
mysql_real_escape_string(mysql, to, from, length)
#endif
/* {{{ mysql_handle_quoter */
static int mysql_handle_quoter(pdo_dbh_t *dbh, const char *unquoted, size_t unquotedlen, char **quoted, size_t *quotedlen, enum pdo_param_type paramtype )
{
@ -315,13 +320,13 @@ static int mysql_handle_quoter(pdo_dbh_t *dbh, const char *unquoted, size_t unqu
*quoted = safe_emalloc(2, unquotedlen, 3 + (use_national_character_set ? 1 : 0));
if (use_national_character_set) {
*quotedlen = mysql_real_escape_string(H->server, *quoted + 2, unquoted, unquotedlen);
*quotedlen = mysql_real_escape_string_quote(H->server, *quoted + 2, unquoted, unquotedlen, '\'');
(*quoted)[0] = 'N';
(*quoted)[1] = '\'';
++*quotedlen; /* N prefix */
} else {
*quotedlen = mysql_real_escape_string(H->server, *quoted + 1, unquoted, unquotedlen);
*quotedlen = mysql_real_escape_string_quote(H->server, *quoted + 1, unquoted, unquotedlen, '\'');
(*quoted)[0] = '\'';
}