- /* How many params are there in the query? */
- paramcount = count(req.query.q.c_str(), '?');
-
- /* This stores copy of params to be inserted with using numbered params 1;3B*/
- ParamL paramscopy(req.query.p);
-
- /* To avoid a lot of allocations, allocate enough memory for the biggest the escaped query could possibly be.
- * sizeofquery + (maxtotalparamlength*2) + 1
- *
- * The +1 is for null-terminating the string for PQsendQuery()
- */
-
- query = new char[req.query.q.length() + (maxparamlen*paramcount*2) + 1];
- queryend = query;
-
- /* Okay, now we have a buffer large enough we need to start copying the query into it and escaping and substituting
- * the parameters into it...
- */
-
- for(unsigned int i = 0; i < req.query.q.length(); i++)
- {
- if(req.query.q[i] == '?')
- {
- /* We found a place to substitute..what fun.
- * Use the PgSQL calls to escape and write the
- * escaped string onto the end of our query buffer,
- * then we "just" need to make sure queryend is
- * pointing at the right place.
- */
-
- /* Is it numbered parameter?
- */
-
- bool numbered;
- numbered = false;
-
- /* Numbered parameter number :|
- */
- unsigned int paramnum;
- paramnum = 0;
-
- /* Let's check if it's a numbered param. And also calculate it's number.
- */
-
- while ((i < req.query.q.length() - 1) && (req.query.q[i+1] >= '0') && (req.query.q[i+1] <= '9'))
- {
- numbered = true;
- ++i;
- paramnum = paramnum * 10 + req.query.q[i] - '0';
- }
-
- if (paramnum > paramscopy.size() - 1)
- {
- /* index is out of range!
- */
- numbered = false;
- }
-
- if (numbered)
- {
- int error = 0;
- size_t len = 0;
-
-#ifdef PGSQL_HAS_ESCAPECONN
- len = PQescapeStringConn(sql, queryend, paramscopy[paramnum].c_str(), paramscopy[paramnum].length(), &error);
-#else
- len = PQescapeString (queryend, paramscopy[paramnum].c_str(), paramscopy[paramnum].length());
-#endif
- if (error)
- {
- ServerInstance->Logs->Log("m_pgsql", DEBUG, "BUG: Apparently PQescapeStringConn() failed somehow...don't know how or what to do...");
- }
-
- /* Incremenet queryend to the end of the newly escaped parameter */
- queryend += len;
- }
- else if (req.query.p.size())
- {
- int error = 0;
- size_t len = 0;
-
-#ifdef PGSQL_HAS_ESCAPECONN
- len = PQescapeStringConn(sql, queryend, req.query.p.front().c_str(), req.query.p.front().length(), &error);
-#else
- len = PQescapeString (queryend, req.query.p.front().c_str(), req.query.p.front().length());
-#endif
- if(error)
- {
- ServerInstance->Logs->Log("m_pgsql",DEBUG, "BUG: Apparently PQescapeStringConn() failed somehow...don't know how or what to do...");
- }
-
- /* Incremenet queryend to the end of the newly escaped parameter */
- queryend += len;
-
- /* Remove the parameter we just substituted in */
- req.query.p.pop_front();
- }
- else
- {
- ServerInstance->Logs->Log("m_pgsql",DEBUG, "BUG: Found a substitution location but no parameter to substitute :|");
- break;
- }
- }
- else
- {
- *queryend = req.query.q[i];
- queryend++;
- }
- }
-
- /* Null-terminate the query */
- *queryend = 0;
- req.query.q = query;
-
- if(PQsendQuery(sql, query))
- {
- qinprog = true;
- delete[] query;
- return SQLerror();
- }
- else