Thread: Found error with apostrophes in ecpg

Found error with apostrophes in ecpg

From
Andreas Theofilu
Date:
Hi,

After playing around, I've found now the error in 'libecpg.so' that
ignored a quoted apostrophe. Detailed description with correction follows:

Symptom:
You've written source with embedded SQL comands and you've translated the
source with 'ecpg' first and then compiled it with your C compiler. Then
you've started the final program and now you wan't to insert a string
into a table that contains an apostrophe. The insert command returns with
the runtime error "Too many arguments in line xxx", allthough there's no
syntax error in your code.

Problem:
'libecpg.so' contains an internal function quote_postgres() (in
ecpglib.c line 217) that quotes every apostrophe with a backslash. So far
so well. The error occures in function next_insert() (in ecpglib.c line
362). This function looks for an apostrophe and if it finds one, it
interpretes it as 'end of string'. But it does not care about a backslash
in front of the apostrophe.

Solution:

361: static char *
362: next_insert(char *text)
363: {
364:         char       *ptr = text;
365:         bool            string = false;
366:
367:         for (; *ptr != '\0' && (*ptr != '?' || string); ptr++)
368:                 if (*ptr == '\'' && *(ptr-1) != '\\')
369:                         string = string ? false : true;
370:
371:         return (*ptr == '\0') ? NULL : ptr;
372: }

Line 368 was altered by me. The original line looks like:

368:                 if (*ptr == '\'')

As you can see, the backslash is honored now.
--
Theofilu Andreas
http://members.eunet.at/theofilu
              -------------------------------------------------                          Enjoy the science of Linux!
                 Genie�e die Wissenschaft von Linux!              -------------------------------------------------