From a7d4746c0072121d93b57da8901cdaedeec620f8 Mon Sep 17 00:00:00 2001
From: brain <brain@e03df62e-2008-0410-955e-edbf42e46eb7>
Date: Fri, 21 Jul 2006 19:55:24 +0000
Subject: Deal with ? substitution, we're at the point now where we can call
 the mysql_real_query function (mysql_real_query takes char* and length
 params, mysql_query just takes char*, and cant deal with NULLs) TODO after
 this: signal the main ircd thread that theres a result ready on a given db
 id, and to fetch that result and post it back to the caller

git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@4480 e03df62e-2008-0410-955e-edbf42e46eb7
---
 src/modules/extra/m_mysql.cpp | 74 +++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 72 insertions(+), 2 deletions(-)

(limited to 'src/modules/extra')

diff --git a/src/modules/extra/m_mysql.cpp b/src/modules/extra/m_mysql.cpp
index 36624ee6e..bc3586c38 100644
--- a/src/modules/extra/m_mysql.cpp
+++ b/src/modules/extra/m_mysql.cpp
@@ -200,8 +200,78 @@ class SQLConnection : public classbase
 
 	void DoLeadingQuery()
 	{
-		SQLrequest& query = queue.front();
-		log(DEBUG,"DO QUERY: %s",query.query.q.c_str());
+		/* Parse the command string and dispatch it to mysql */
+		SQLrequest& req = queue.front();
+		log(DEBUG,"DO QUERY: %s",req.query.q.c_str());
+
+		/* Pointer to the buffer we screw around with substitution in */
+		char* query;
+
+		/* Pointer to the current end of query, where we append new stuff */
+		char* queryend;
+
+		/* Total length of the unescaped parameters */
+		unsigned long paramlen;
+
+		paramlen = 0;
+
+		for(ParamL::iterator i = req.query.p.begin(); i != req.query.p.end(); i++)
+		{
+			paramlen += i->size();
+		}
+
+		/* To avoid a lot of allocations, allocate enough memory for the biggest the escaped query could possibly be.
+		 * sizeofquery + (totalparamlength*2) + 1
+		 *
+		 * The +1 is for null-terminating the string for mysql_real_escape_string
+		 */
+
+		query = new char[req.query.q.length() + (paramlen*2)];
+		queryend = query;
+
+		/* Okay, now we have a buffer large enough we need to start copying the query into it and escaping and substituting
+		 * the parameters into it...
+		 */
+
+		for(unsigned long i = 0; i < req.query.q.length(); i++)
+		{
+			if(req.query.q[i] == '?')
+			{
+				/* We found a place to substitute..what fun.
+				 * use mysql calls to escape and write the
+				 * escaped string onto the end of our query buffer,
+				 * then we "just" need to make sure queryend is
+				 * pointing at the right place.
+				 */
+				if(req.query.p.size())
+				{
+					unsigned long len = mysql_real_escape_string(&connection, queryend, req.query.p.front().c_str(), req.query.p.front().length());
+
+					queryend += len;
+					req.query.p.pop_front();
+				}
+				else
+				{
+					log(DEBUG, "Found a substitution location but no parameter to substitute :|");
+					break;
+				}
+			}
+			else
+			{
+				*queryend = req.query.q[i];
+				queryend++;
+			}
+		}
+
+		*queryend = 0;
+
+		log(DEBUG, "Attempting to dispatch query: %s", query);
+
+		pthread_mutex_lock(&queue_mutex);
+		req.query.q = query;
+		pthread_mutex_unlock(&queue_mutex);
+
+		/* TODO: Do the mysql_real_query here */
 	}
 
 	// This method issues a query that expects multiple rows of results. Use GetRow() and QueryDone() to retrieve
-- 
cgit v1.2.3