+ /* We found a place to substitute..what fun.
+ * use mssql calls to escape and write the
+ * escaped string onto the end of our query buffer,
+ * then we "just" need to make sure queryend is
+ * pointing at the right place.
+ */
+
+ /* Is it numbered parameter?
+ */
+
+ bool numbered;
+ numbered = false;
+
+ /* Numbered parameter number :|
+ */
+ unsigned int paramnum;
+ paramnum = 0;
+
+ /* Let's check if it's a numbered param. And also calculate it's number.
+ */
+
+ while ((i < req->query.q.length() - 1) && (req->query.q[i+1] >= '0') && (req->query.q[i+1] <= '9'))
+ {
+ numbered = true;
+ ++i;
+ paramnum = paramnum * 10 + req->query.q[i] - '0';
+ }
+
+ if (paramnum > paramscopy.size() - 1)
+ {
+ /* index is out of range!
+ */
+ numbered = false;
+ }
+
+ if (numbered)
+ {
+ /* Custom escaping for this one. converting ' to '' should make SQL Server happy. Ugly but fast :]
+ */
+ char* escaped = new char[(paramscopy[paramnum].length() * 2) + 1];
+ char* escend = escaped;
+ for (std::string::iterator p = paramscopy[paramnum].begin(); p < paramscopy[paramnum].end(); p++)
+ {
+ if (*p == '\'')
+ {
+ *escend = *p;
+ escend++;
+ *escend = *p;
+ }
+ *escend = *p;
+ escend++;
+ }
+ *escend = 0;
+
+ for (char* n = escaped; *n; n++)
+ {
+ *queryend = *n;
+ queryend++;
+ }
+ delete[] escaped;
+ }
+ else if (req->query.p.size())