[ndoutils] proposal: change sql string escaping

[Michael Friedrich]

Hi,

currently the string escaping sequence for ndo2db tries to escape 
everything possible for the upcoming insert/update into the rdbm. This 
is rather useless regarding the fact that most of the escaped characters 
do not harm the query within a quoted string.
Only a single quote must be escaped by another single quote to let the 
rdbm handle that escaping. All other escape sequences are not needed in 
between a quoted string.

e.g.

freddy's host

'freddy's host' => without escaped single quote interpreted as: 'freddy' 
error query failed

'freddy''s host' => with escaped single quote query does not fail and 
everything is fine

This escaping method is true for Oracle, Postgres and MySQL (all three 
tested ok with IDOUtils). Maybe it will be patched to NDOUtils for any 
future updates when working with more than one rdbm - no more worries 
about that.

The attached patch matches against the git converted NDOUtils repository.

Kind regards,
Michael


-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-change-sql-string-escaping.patch
Type: text/x-diff
Size: 1388 bytes
Desc: not available
URL: <https://www.monitoring-lists.org/archive/developers/attachments/20100108/eae1dc25/attachment.patch>
-------------- next part --------------
------------------------------------------------------------------------------
This SF.Net email is sponsored by the Verizon Developer Community
Take advantage of Verizon's best-in-class app development support
A streamlined, 14 day to market process makes app distribution fast and easy
Join now and get one step closer to millions of Verizon customers
http://p.sf.net/sfu/verizon-dev2dev 
-------------- next part --------------
_______________________________________________
Nagios-devel mailing list
Nagios-devel at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-devel