diff options
| author | Nikita Popov <nikita.ppv@gmail.com> | 2020-09-18 10:29:28 +0200 |
|---|---|---|
| committer | Nikita Popov <nikita.ppv@gmail.com> | 2020-09-18 15:24:57 +0200 |
| commit | 70cba36fc92c1e75c5b0f9ebd1f97a68c26c170a (patch) | |
| tree | dc11b483f230b01ff61b7054f25dbfa3c89e9e29 | |
| parent | 77f43e48ffa9b4083a26870ca2fce8757c273bd3 (diff) | |
| download | php-git-70cba36fc92c1e75c5b0f9ebd1f97a68c26c170a.tar.gz | |
Support NO_BACKSLASH_ESCAPES with newer libmysqlclient
Requires the use of mysql_real_escape_string_quote().
| -rw-r--r-- | ext/mysqli/mysqli_api.c | 7 | ||||
| -rw-r--r-- | ext/pdo_mysql/mysql_driver.c | 9 |
2 files changed, 13 insertions, 3 deletions
diff --git a/ext/mysqli/mysqli_api.c b/ext/mysqli/mysqli_api.c index 0c17e1599e..7d8682253c 100644 --- a/ext/mysqli/mysqli_api.c +++ b/ext/mysqli/mysqli_api.c @@ -1954,6 +1954,11 @@ PHP_FUNCTION(mysqli_real_query) } /* }}} */ +#if defined(PDO_USE_MYSQLND) || MYSQL_VERSION_ID < 50707 || defined(MARIADB_BASE_VERSION) +# define mysql_real_escape_string_quote(mysql, to, from, length, quote) \ + mysql_real_escape_string(mysql, to, from, length) +#endif + /* {{{ proto string mysqli_real_escape_string(object link, string escapestr) Escapes special characters in a string for use in a SQL statement, taking into account the current charset of the connection */ PHP_FUNCTION(mysqli_real_escape_string) { @@ -1969,7 +1974,7 @@ PHP_FUNCTION(mysqli_real_escape_string) { MYSQLI_FETCH_RESOURCE_CONN(mysql, mysql_link, MYSQLI_STATUS_VALID); newstr = zend_string_alloc(2 * escapestr_len, 0); - ZSTR_LEN(newstr) = mysql_real_escape_string(mysql->mysql, ZSTR_VAL(newstr), escapestr, escapestr_len); + ZSTR_LEN(newstr) = mysql_real_escape_string_quote(mysql->mysql, ZSTR_VAL(newstr), escapestr, escapestr_len, '\''); newstr = zend_string_truncate(newstr, ZSTR_LEN(newstr), 0); RETURN_NEW_STR(newstr); diff --git a/ext/pdo_mysql/mysql_driver.c b/ext/pdo_mysql/mysql_driver.c index 0d8c77d351..becd6b9487 100644 --- a/ext/pdo_mysql/mysql_driver.c +++ b/ext/pdo_mysql/mysql_driver.c @@ -293,6 +293,11 @@ static char *pdo_mysql_last_insert_id(pdo_dbh_t *dbh, const char *name, size_t * } /* }}} */ +#if defined(PDO_USE_MYSQLND) || MYSQL_VERSION_ID < 50707 || defined(MARIADB_BASE_VERSION) +# define mysql_real_escape_string_quote(mysql, to, from, length, quote) \ + mysql_real_escape_string(mysql, to, from, length) +#endif + /* {{{ mysql_handle_quoter */ static int mysql_handle_quoter(pdo_dbh_t *dbh, const char *unquoted, size_t unquotedlen, char **quoted, size_t *quotedlen, enum pdo_param_type paramtype ) { @@ -315,13 +320,13 @@ static int mysql_handle_quoter(pdo_dbh_t *dbh, const char *unquoted, size_t unqu *quoted = safe_emalloc(2, unquotedlen, 3 + (use_national_character_set ? 1 : 0)); if (use_national_character_set) { - *quotedlen = mysql_real_escape_string(H->server, *quoted + 2, unquoted, unquotedlen); + *quotedlen = mysql_real_escape_string_quote(H->server, *quoted + 2, unquoted, unquotedlen, '\''); (*quoted)[0] = 'N'; (*quoted)[1] = '\''; ++*quotedlen; /* N prefix */ } else { - *quotedlen = mysql_real_escape_string(H->server, *quoted + 1, unquoted, unquotedlen); + *quotedlen = mysql_real_escape_string_quote(H->server, *quoted + 1, unquoted, unquotedlen, '\''); (*quoted)[0] = '\''; } |