paweld/fpc
1
0
Fork 0
mirror of https://gitlab.com/freepascal.org/fpc/source.git synced 2025-08-29 20:40:24 +02:00
Code Issues Packages Projects Releases Wiki Activity

+ Escape strings in string-parameters

Browse Source 
+ fix in the MySQL-bindings

git-svn-id: trunk@4043 -
This commit is contained in:
joost 2006-07-01 21:25:52 +00:00
parent 6e81f1adc5
commit 4855d28b3d
2 changed files with 37 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
fcl/db/sqldb/mysql/mysqlconn.inc
View File

@ -71,6 +71,9 @@ Type
procedure DoInternalDisconnect; override; procedure DoInternalDisconnect; override;
function GetHandle : pointer; override; function GetHandle : pointer; override;
function GetAsSQLText(Field : TField) : string; overload; virtual;
function GetAsSQLText(Param : TParam) : string; overload; virtual;
Function AllocateCursorHandle : TSQLCursor; override; Function AllocateCursorHandle : TSQLCursor; override;
Procedure DeAllocateCursorHandle(var cursor : TSQLCursor); override; Procedure DeAllocateCursorHandle(var cursor : TSQLCursor); override;
Function AllocateTransactionHandle : TSQLHandle; override; Function AllocateTransactionHandle : TSQLHandle; override;
@ -184,6 +187,39 @@ begin
MySQlError(Nil,SErrServerConnectFailed,Self); MySQlError(Nil,SErrServerConnectFailed,Self);
end; end;
function TConnectionName.GetAsSQLText(Field : TField) : string;
var esc_str : pchar;
begin
if (not assigned(field)) or field.IsNull then Result := 'Null'
else if field.DataType = ftString then
begin
Getmem(esc_str,sizeof(field.asstring)*2+1);
mysql_real_escape_string(FMySQL,esc_str,pchar(field.asstring),length(field.asstring));
Result := '''' + esc_str + '''';
Freemem(esc_str);
end
else Result := inherited GetAsSqlText(field);
end;
function TConnectionName.GetAsSQLText(Param: TParam) : string;
var esc_str : pchar;
begin
if (not assigned(param)) or param.IsNull then Result := 'Null'
else if param.DataType = ftString then
begin
Getmem(esc_str,sizeof(param.asstring)*2+1);
mysql_real_escape_string(FMySQL,esc_str,pchar(param.asstring),length(param.asstring));
Result := '''' + esc_str + '''';
Freemem(esc_str);
end
else Result := inherited GetAsSqlText(Param);
end;
procedure TConnectionName.ConnectToServer; procedure TConnectionName.ConnectToServer;
Var Var

2
packages/base/mysql/mysql.inc
View File

@ -1568,7 +1568,7 @@ begin
pointer(mysql_ping) := GetProcedureAddress(MysqlLibraryHandle,'mysql_ping'); pointer(mysql_ping) := GetProcedureAddress(MysqlLibraryHandle,'mysql_ping');
pointer(mysql_query) := GetProcedureAddress(MysqlLibraryHandle,'mysql_query'); pointer(mysql_query) := GetProcedureAddress(MysqlLibraryHandle,'mysql_query');
pointer(mysql_real_connect) := GetProcedureAddress(MysqlLibraryHandle,'mysql_real_connect'); pointer(mysql_real_connect) := GetProcedureAddress(MysqlLibraryHandle,'mysql_real_connect');
pointer(mysql_real_escape_string) := GetProcedureAddress(MysqlLibraryHandle,'mysql_real_escape_String'); pointer(mysql_real_escape_string) := GetProcedureAddress(MysqlLibraryHandle,'mysql_real_escape_string');
pointer(mysql_real_query) := GetProcedureAddress(MysqlLibraryHandle,'mysql_real_query'); pointer(mysql_real_query) := GetProcedureAddress(MysqlLibraryHandle,'mysql_real_query');
pointer(mysql_refresh) := GetProcedureAddress(MysqlLibraryHandle,'mysql_refresh'); pointer(mysql_refresh) := GetProcedureAddress(MysqlLibraryHandle,'mysql_refresh');
// pointer(mysql_reload) := GetProcedureAddress(MysqlLibraryHandle,'mysql_reload'); // pointer(mysql_reload) := GetProcedureAddress(MysqlLibraryHandle,'mysql_reload');