BUG#18293 (Values in stored procedures written to binlog unescaped):

Generating character set-independent quoting of strings for the
binary log when executing statements from inside stored procedure.

4 files changed, 39 insertions, 23 deletions

diff --git a/sql/item.cc b/sql/item.cc
index 808271fe256..c48bf19a88b 100644
--- a/sql/item.cc
+++ b/sql/item.cc
@@ -2642,25 +2642,8 @@ const String *Item_param::query_val_str(String* str) const
   case STRING_VALUE:
   case LONG_DATA_VALUE:
     {
-      char *buf, *ptr;
       str->length(0);
-      if (str->reserve(str_value.length()*2+3))
-        break;
-
-      buf= str->c_ptr_quick();
-      ptr= buf;
-      if (value.cs_info.character_set_client->escape_with_backslash_is_dangerous)
-      {
-        ptr= str_to_hex(ptr, str_value.ptr(), str_value.length());
-      }
-      else
-      {
-        *ptr++= '\'';
-        ptr+= escape_string_for_mysql(str_value.charset(), ptr, 0,
-                                      str_value.ptr(), str_value.length());
-        *ptr++='\'';
-      }
-      str->length((uint32) (ptr - buf));
+      append_query_string(value.cs_info.character_set_client, &str_value, str);
       break;
     }
   case NULL_VALUE:
diff --git a/sql/log_event.cc b/sql/log_event.cc
index 5ca7c00ee8f..266d6b064bd 100644
--- a/sql/log_event.cc
+++ b/sql/log_event.cc
@@ -240,6 +240,37 @@ char *str_to_hex(char *to, const char *from, uint len)
 }
 
 /*
+  Append a version of the 'from' string suitable for use in a query to
+  the 'to' string.  To generate a correct escaping, the character set
+  information in 'csinfo' is used.
+ */
+#ifndef MYSQL_CLIENT
+int
+append_query_string(CHARSET_INFO *csinfo,
+                    String const *from, String *to)
+{
+  char *beg, *ptr;
+  uint32 const orig_len= to->length();
+  if (to->reserve(orig_len + from->length()*2+3))
+    return 1;
+
+  beg= to->c_ptr_quick() + to->length();
+  ptr= beg;
+  if (csinfo->escape_with_backslash_is_dangerous)
+    ptr= str_to_hex(ptr, from->ptr(), from->length());
+  else
+  {
+    *ptr++= '\'';
+    ptr+= escape_string_for_mysql(from->charset(), ptr, 0,
+                                  from->ptr(), from->length());
+    *ptr++='\'';
+  }
+  to->length(orig_len + ptr - beg);
+  return 0;
+}
+#endif
+
+/*
   Prints a "session_var=value" string. Used by mysqlbinlog to print some SET
   commands just before it prints a query.
 */
diff --git a/sql/mysql_priv.h b/sql/mysql_priv.h
index 32262b3afb2..9c9d8115402 100644
--- a/sql/mysql_priv.h
+++ b/sql/mysql_priv.h
@@ -529,6 +529,8 @@ bool delete_precheck(THD *thd, TABLE_LIST *tables);
 bool insert_precheck(THD *thd, TABLE_LIST *tables);
 bool create_table_precheck(THD *thd, TABLE_LIST *tables,
                            TABLE_LIST *create_table);
+int append_query_string(CHARSET_INFO *csinfo,
+                        String const *from, String *to);
 
 void get_default_definer(THD *thd, LEX_USER *definer);
 LEX_USER *create_default_definer(THD *thd);
diff --git a/sql/sp_head.cc b/sql/sp_head.cc
index c0b566f9b9b..bba9479c8f3 100644
--- a/sql/sp_head.cc
+++ b/sql/sp_head.cc
@@ -80,8 +80,8 @@ sp_map_item_type(enum enum_field_types type)
 /*
   Return a string representation of the Item value.
 
-  NOTE: this is a legacy-compatible implementation. It fails if the value
-  contains non-ordinary symbols, which should be escaped.
+  NOTE: If the item has a string result type, the string is escaped
+  according to its character set.
 
   SYNOPSIS
     item    a pointer to the Item
@@ -119,9 +119,9 @@ sp_get_item_value(Item *item, String *str)
 
         buf.append('_');
         buf.append(result->charset()->csname);
-        buf.append('\'');
-        buf.append(*result);
-        buf.append('\'');
+        if (result->charset()->escape_with_backslash_is_dangerous)
+          buf.append(' ');
+        append_query_string(result->charset(), result, &buf);
         str->copy(buf);
 
         return str;