|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[1998-11-27 12:09 UTC] rasmus
|
|||||||||||||||||||||||||||
Copyright © 2001-2025 The PHP GroupAll rights reserved. |
Last updated: Wed Oct 29 01:00:01 2025 UTC |
When constructing a query for Oracle containing user supplied values ora_Parse will break if the user entered a value containing a ' such seaching an Oracle database for occurences of Bill's House. PHP quotes the single ' in the variable containg the search criteria with a \ (it becomes Bill\' House), oracle needs single a single quote to be quoted with another ' (it should be Bill''s House). The following patch will change a PHP quoted \' to a '' for submission to the Oracle SQL parse function. --- oracle.c.orig Fri Nov 27 16:37:56 1998 +++ oracle.c Fri Nov 27 16:43:27 1998 @@ -709,7 +709,7 @@ pval *argv[3]; oraCursor *cursor; sword defer = 0; - text *query; + text *query, *quote; argc = ARG_COUNT(ht); if ((argc != 2 && argc != 3) || getParametersArray(ht, argc, argv) == FAILURE) { @@ -738,6 +738,11 @@ if (cursor->query) { efree(cursor->query); } + + quote = query; + while ((quote = strstr("\\\'", quote)) != NULL) + *quote = '\''; + cursor->query = query; cursor->fetched = 0; if(cursor->params && cursor->nparams > 0){ @@ -925,7 +930,7 @@ pval *argv[2]; oraConnection *conn = NULL; oraCursor *cursor = NULL; - text *query; + text *query, *quote; if (ARG_COUNT(ht) != 2 || getParametersArray(ht, 2, argv) == FAILURE) { WRONG_PARAM_COUNT; @@ -962,8 +967,12 @@ RETURN_FALSE; } cursor->open = 1; - cursor->conn_ptr = conn; - + cursor->conn_ptr = conn; + + quote = query; + while ((quote = strstr("\\\'", quote)) != NULL) + *quote = '\''; + /* Prepare stmt */ if (oparse(&cursor->cda, query, (sb4) - 1, 1, VERSION_7)){