1051
1051
return MS_FAILURE;
1054
/************************************************************************/
1055
/* LayerDefaultEscapeSQLParam */
1057
/* Default function used to escape strings and avoid sql */
1058
/* injection. Specific drivers should redefine if an escaping */
1059
/* function is available in the driver. */
1060
/************************************************************************/
1061
char *LayerDefaultEscapeSQLParam(layerObj *layer, const char* pszString)
1063
char *pszEscapedStr=NULL;
1069
nSrcLen = (int)strlen(pszString);
1070
pszEscapedStr = (char*) malloc( 2 * nSrcLen + 1);
1071
for(i = 0, j = 0; i < nSrcLen; i++)
1076
pszEscapedStr[j++] = '\'';
1077
pszEscapedStr[j++] = '\'';
1081
pszEscapedStr[j++] = '\\';
1082
pszEscapedStr[j++] = '\\';
1085
pszEscapedStr[j++] = c;
1087
pszEscapedStr[j] = 0;
1089
return pszEscapedStr;
1092
/************************************************************************/
1093
/* LayerDefaultEscapePropertyName */
1095
/* Return the property name in a properly escaped and quoted form. */
1096
/************************************************************************/
1097
char *LayerDefaultEscapePropertyName(layerObj *layer, const char* pszString)
1099
char* pszEscapedStr=NULL;
1102
if (layer && pszString && strlen(pszString) > 0)
1104
int nLength = strlen(pszString);
1106
pszEscapedStr = (char*) malloc( 1 + 2 * nLength + 1 + 1);
1107
pszEscapedStr[j++] = '"';
1109
for (i=0; i<nLength; i++)
1111
char c = pszString[i];
1114
pszEscapedStr[j++] = '"';
1115
pszEscapedStr[j++] ='"';
1119
pszEscapedStr[j++] = '\\';
1120
pszEscapedStr[j++] = '\\';
1123
pszEscapedStr[j++] = c;
1125
pszEscapedStr[j++] = '"';
1126
pszEscapedStr[j++] = 0;
1129
return pszEscapedStr;
1055
1134
* msConnectLayer
1369
Returns an escaped string
1371
char *msLayerEscapeSQLParam(layerObj *layer, const char*pszString)
1373
if ( ! layer->vtable) {
1374
int rv = msInitializeVirtualTable(layer);
1375
if (rv != MS_SUCCESS)
1378
return layer->vtable->LayerEscapeSQLParam(layer, pszString);
1381
char *msLayerEscapePropertyName(layerObj *layer, const char*pszString)
1383
if ( ! layer->vtable) {
1384
int rv = msInitializeVirtualTable(layer);
1385
if (rv != MS_SUCCESS)
1388
return layer->vtable->LayerEscapePropertyName(layer, pszString);
1284
1393
msINLINELayerInitializeVirtualTable(layerObj *layer)
1312
1421
/* layer->vtable->LayerCreateItems, use default */
1313
1422
layer->vtable->LayerGetNumFeatures = msINLINELayerGetNumFeatures;
1424
/*layer->vtable->LayerEscapeSQLParam, use default*/
1425
/*layer->vtable->LayerEscapePropertyName, use default*/
1315
1426
return MS_SUCCESS;