From: Russell Bryant <russell@russellbryant.com>
Date: Wed, 11 Jul 2007 18:33:23 +0000 (+0000)
Subject: Make sure that the ESCAPE immediately follows the condition that uses LIKE.
X-Git-Tag: 1.2.22~16
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4307bca95ced380fbf5b87f086ce26be107100b7;p=thirdparty%2Fasterisk.git

Make sure that the ESCAPE immediately follows the condition that uses LIKE.
This fixes realtime extensions with ODBC.
(closes issue #10175, reported by stuarth, patch by me)


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.2@74656 65c4cc65-6c06-0410-ace0-fbb531ad65f3
---

diff --git a/res/res_config_odbc.c b/res/res_config_odbc.c
index fcd4609cff..ff30ee2c4f 100644
--- a/res/res_config_odbc.c
+++ b/res/res_config_odbc.c
@@ -95,16 +95,15 @@ static struct ast_variable *realtime_odbc(const char *database, const char *tabl
 		return NULL;
 	}
 	newval = va_arg(aq, const char *);
-	if (!strchr(newparam, ' ')) op = " ="; else op = "";
+	op = !strchr(newparam, ' ') ? " =" : "";
 	snprintf(sql, sizeof(sql), "SELECT * FROM %s WHERE %s%s ?", table, newparam, op);
 	while((newparam = va_arg(aq, const char *))) {
-		if (!strchr(newparam, ' ')) op = " ="; else op = "";
-		snprintf(sql + strlen(sql), sizeof(sql) - strlen(sql), " AND %s%s ?", newparam, op);
+		op = !strchr(newparam, ' ') ? " =" : "";
+		snprintf(sql + strlen(sql), sizeof(sql) - strlen(sql), " AND %s%s ?%s", newparam, op,
+			strcasestr(newparam, "LIKE") ? " ESCAPE '\\'" : "");
 		newval = va_arg(aq, const char *);
 	}
 	va_end(aq);
-	if (strcasestr(sql, "LIKE"))
-		snprintf(sql + strlen(sql), sizeof(sql) - strlen(sql), " ESCAPE '\\'");
 
 	res = SQLPrepare(stmt, (unsigned char *)sql, SQL_NTS);
 	if ((res != SQL_SUCCESS) && (res != SQL_SUCCESS_WITH_INFO)) {
@@ -242,18 +241,17 @@ static struct ast_config *realtime_multi_odbc(const char *database, const char *
 	if (initfield && (op = strchr(initfield, ' '))) 
 		*op = '\0';
 	newval = va_arg(aq, const char *);
-	if (!strchr(newparam, ' ')) op = " ="; else op = "";
+	op = !strchr(newparam, ' ') ? " =" : "";
 	snprintf(sql, sizeof(sql), "SELECT * FROM %s WHERE %s%s ?", table, newparam, op);
 	while((newparam = va_arg(aq, const char *))) {
-		if (!strchr(newparam, ' ')) op = " ="; else op = "";
-		snprintf(sql + strlen(sql), sizeof(sql) - strlen(sql), " AND %s%s ?", newparam, op);
+		op = !strchr(newparam, ' ') ? " =" : "";
+		snprintf(sql + strlen(sql), sizeof(sql) - strlen(sql), " AND %s%s ?%s", newparam, op,
+			strcasestr(newparam, "LIKE") ? " ESCAPE '\\'" : "");
 		newval = va_arg(aq, const char *);
 	}
 	if (initfield)
 		snprintf(sql + strlen(sql), sizeof(sql) - strlen(sql), " ORDER BY %s", initfield);
 	va_end(aq);
-	if (strcasestr(sql, "LIKE"))
-		snprintf(sql + strlen(sql), sizeof(sql) - strlen(sql), " ESCAPE '\\'");
 
 	res = SQLPrepare(stmt, (unsigned char *)sql, SQL_NTS);
 	if ((res != SQL_SUCCESS) && (res != SQL_SUCCESS_WITH_INFO)) {