- if(req.query.q[i] == '?')
- {
- /* We found a place to substitute..what fun.
- * Use the PgSQL calls to escape and write the
- * escaped string onto the end of our query buffer,
- * then we "just" need to make sure queryend is
- * pointing at the right place.
- */
-
- /* Is it numbered parameter?
- */
-
- bool numbered;
- numbered = false;
-
- /* Numbered parameter number :|
- */
- unsigned int paramnum;
- paramnum = 0;
-
- /* Let's check if it's a numbered param. And also calculate it's number.
- */
-
- while ((i < req.query.q.length() - 1) && (req.query.q[i+1] >= '0') && (req.query.q[i+1] <= '9'))
- {
- numbered = true;
- ++i;
- paramnum = paramnum * 10 + req.query.q[i] - '0';
- }
-
- if (paramnum > paramscopy.size() - 1)
- {
- /* index is out of range!
- */
- numbered = false;
- }
-
- if (numbered)
- {
- int error = 0;
- size_t len = 0;
-
-#ifdef PGSQL_HAS_ESCAPECONN
- len = PQescapeStringConn(sql, queryend, paramscopy[paramnum].c_str(), paramscopy[paramnum].length(), &error);
-#else
- len = PQescapeString (queryend, paramscopy[paramnum].c_str(), paramscopy[paramnum].length());
-#endif
- if (error)
- {
- ServerInstance->Logs->Log("m_pgsql", DEBUG, "BUG: Apparently PQescapeStringConn() failed somehow...don't know how or what to do...");
- }
-
- /* Incremenet queryend to the end of the newly escaped parameter */
- queryend += len;
- }
- else if (req.query.p.size())
- {
- int error = 0;
- size_t len = 0;
-
-#ifdef PGSQL_HAS_ESCAPECONN
- len = PQescapeStringConn(sql, queryend, req.query.p.front().c_str(), req.query.p.front().length(), &error);
-#else
- len = PQescapeString (queryend, req.query.p.front().c_str(), req.query.p.front().length());
-#endif
- if(error)
- {
- ServerInstance->Logs->Log("m_pgsql",DEBUG, "BUG: Apparently PQescapeStringConn() failed somehow...don't know how or what to do...");
- }
-
- /* Incremenet queryend to the end of the newly escaped parameter */
- queryend += len;
-
- /* Remove the parameter we just substituted in */
- req.query.p.pop_front();
- }
- else
- {
- ServerInstance->Logs->Log("m_pgsql",DEBUG, "BUG: Found a substitution location but no parameter to substitute :|");
- break;
- }
- }
- else
- {
- *queryend = req.query.q[i];
- queryend++;
- }
+ std::string parm = p[param++];
+ std::vector<char> buffer(parm.length() * 2 + 1);
+ int error;
+ size_t escapedsize = PQescapeStringConn(sql, &buffer[0], parm.data(), parm.length(), &error);
+ if (error)
+ ServerInstance->Logs->Log(MODNAME, LOG_DEBUG, "BUG: Apparently PQescapeStringConn() failed");
+ res.append(&buffer[0], escapedsize);