int len;
utime_t JobTDate;
char ed1[30],ed2[30];
+ char esc_job[MAX_ESCAPE_NAME_LENGTH];
+ char esc_name[MAX_ESCAPE_NAME_LENGTH];
db_lock(mdb);
len = strlen(jcr->comment); /* TODO: use jr instead of jcr to get comment */
buf.check_size(len*2+1);
- db_escape_string(jcr, mdb, buf.c_str(), jcr->comment, len);
+ mdb->db_escape_string(jcr, buf.c_str(), jcr->comment, len);
+
+ mdb->db_escape_string(jcr, esc_job, jr->Job, strlen(jr->Job));
+ mdb->db_escape_string(jcr, esc_name, jr->Name, strlen(jr->Name));
/* Must create it */
Mmsg(mdb->cmd,
"INSERT INTO Job (Job,Name,Type,Level,JobStatus,SchedTime,JobTDate,"
"ClientId,Comment) "
"VALUES ('%s','%s','%c','%c','%c','%s',%s,%s,'%s')",
- jr->Job, jr->Name, (char)(jr->JobType), (char)(jr->JobLevel),
+ esc_job, esc_name, (char)(jr->JobType), (char)(jr->JobLevel),
(char)(jr->JobStatus), dt, edit_uint64(JobTDate, ed1),
edit_int64(jr->ClientId, ed2), buf.c_str());
{
bool stat;
char ed1[30], ed2[30], ed3[50], ed4[50], ed5[50];
+ char esc_name[MAX_ESCAPE_NAME_LENGTH];
+ char esc_lf[MAX_ESCAPE_NAME_LENGTH];
+
int num_rows;
+
Dmsg0(200, "In create pool\n");
db_lock(mdb);
- Mmsg(mdb->cmd, "SELECT PoolId,Name FROM Pool WHERE Name='%s'", pr->Name);
+ mdb->db_escape_string(jcr, esc_name, pr->Name, strlen(pr->Name));
+ mdb->db_escape_string(jcr, esc_lf, pr->LabelFormat, strlen(pr->LabelFormat));
+ Mmsg(mdb->cmd, "SELECT PoolId,Name FROM Pool WHERE Name='%s'", esc_name);
Dmsg1(200, "selectpool: %s\n", mdb->cmd);
if (QUERY_DB(jcr, mdb, mdb->cmd)) {
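Review bot: `esc_name` and `esc_lf` are fixed `MAX_ESCAPE_NAME_LENGTH` stack arrays, but `db_escape_string` is given `strlen(pr->Name)` and `strlen(pr->LabelFormat)` with nothing tying those lengths to the destination size. The two size-checked call sites in this change reserve `len*2+1` bytes before escaping (`buf.check_size(len*2+1)` for the job comment, `check_pool_memory_size(mdb->esc_name, len*2+1)` for the digest), so a source field longer than `(MAX_ESCAPE_NAME_LENGTH-1)/2` would be written past the end of the array. The record struct definitions are not part of this diff, so the bound needs confirming for every field escaped this way, especially those that are not names: `pr->LabelFormat` here, `cr->Uname` in the client create and update hunks, `fsr->MD5`, `mr->MediaType` and `mr->VolStatus`. Where the bound is not guaranteed, use the pool-memory form from the digest hunk, `mdb->esc_name = check_pool_memory_size(mdb->esc_name, len*2+1);`, instead of a stack array. The function body continues past the end of this hunk.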
"MaxVolJobs,MaxVolFiles,MaxVolBytes,PoolType,LabelType,LabelFormat,"
"RecyclePoolId,ScratchPoolId,ActionOnPurge) "
"VALUES ('%s',%u,%u,%d,%d,%d,%d,%d,%s,%s,%u,%u,%s,'%s',%d,'%s',%s,%s,%d)",
- pr->Name,
+ esc_name,
pr->NumVols, pr->MaxVols,
pr->UseOnce, pr->UseCatalog,
pr->AcceptAnyVolume,
edit_uint64(pr->VolUseDuration, ed2),
pr->MaxVolJobs, pr->MaxVolFiles,
edit_uint64(pr->MaxVolBytes, ed3),
- pr->PoolType, pr->LabelType, pr->LabelFormat,
+ pr->PoolType, pr->LabelType, esc_lf,
edit_int64(pr->RecyclePoolId,ed4),
edit_int64(pr->ScratchPoolId,ed5),
pr->ActionOnPurge
{
bool ok;
char ed1[30], ed2[30];
+ char esc[MAX_ESCAPE_NAME_LENGTH];
int num_rows;
Dmsg0(200, "In create Device\n");
db_lock(mdb);
- Mmsg(mdb->cmd, "SELECT DeviceId,Name FROM Device WHERE Name='%s'", dr->Name);
+ mdb->db_escape_string(jcr, esc, dr->Name, strlen(dr->Name));
+ Mmsg(mdb->cmd, "SELECT DeviceId,Name FROM Device WHERE Name='%s'", esc);
Dmsg1(200, "selectdevice: %s\n", mdb->cmd);
if (QUERY_DB(jcr, mdb, mdb->cmd)) {
/* Must create it */
Mmsg(mdb->cmd,
"INSERT INTO Device (Name,MediaTypeId,StorageId) VALUES ('%s',%s,%s)",
- dr->Name,
+ esc,
edit_uint64(dr->MediaTypeId, ed1),
edit_int64(dr->StorageId, ed2));
Dmsg1(200, "Create Device: %s\n", mdb->cmd);
SQL_ROW row;
bool ok;
int num_rows;
+ char esc[MAX_ESCAPE_NAME_LENGTH];
db_lock(mdb);
- Mmsg(mdb->cmd, "SELECT StorageId,AutoChanger FROM Storage WHERE Name='%s'", sr->Name);
+ mdb->db_escape_string(jcr, esc, sr->Name, strlen(sr->Name));
+ Mmsg(mdb->cmd, "SELECT StorageId,AutoChanger FROM Storage WHERE Name='%s'",esc);
sr->StorageId = 0;
sr->created = false;
/* Must create it */
Mmsg(mdb->cmd, "INSERT INTO Storage (Name,AutoChanger)"
- " VALUES ('%s',%d)", sr->Name, sr->AutoChanger);
+ " VALUES ('%s',%d)", esc, sr->AutoChanger);
sr->StorageId = sql_insert_autokey_record(mdb, mdb->cmd, NT_("Storage"));
if (sr->StorageId == 0) {
{
bool stat;
int num_rows;
+ char esc[MAX_ESCAPE_NAME_LENGTH];
Dmsg0(200, "In create mediatype\n");
db_lock(mdb);
- Mmsg(mdb->cmd, "SELECT MediaTypeId,MediaType FROM MediaType WHERE MediaType='%s'", mr->MediaType);
+ mdb->db_escape_string(jcr, esc, mr->MediaType, strlen(mr->MediaType));
+ Mmsg(mdb->cmd, "SELECT MediaTypeId,MediaType FROM MediaType WHERE MediaType='%s'", esc);
Dmsg1(200, "selectmediatype: %s\n", mdb->cmd);
if (QUERY_DB(jcr, mdb, mdb->cmd)) {
char ed9[50], ed10[50], ed11[50], ed12[50];
struct tm tm;
int num_rows;
+ char esc_name[MAX_ESCAPE_NAME_LENGTH];
+ char esc_mtype[MAX_ESCAPE_NAME_LENGTH];
+ char esc_status[MAX_ESCAPE_NAME_LENGTH];
+
db_lock(mdb);
- Mmsg(mdb->cmd, "SELECT MediaId FROM Media WHERE VolumeName='%s'",
- mr->VolumeName);
+ mdb->db_escape_string(jcr, esc_name, mr->VolumeName, strlen(mr->VolumeName));
+ mdb->db_escape_string(jcr, esc_mtype, mr->MediaType, strlen(mr->MediaType));
+ mdb->db_escape_string(jcr, esc_status, mr->VolStatus, strlen(mr->VolStatus));
+
+ Mmsg(mdb->cmd, "SELECT MediaId FROM Media WHERE VolumeName='%s'", esc_name);
Dmsg1(500, "selectpool: %s\n", mdb->cmd);
if (QUERY_DB(jcr, mdb, mdb->cmd)) {
"ScratchPoolId,RecyclePoolId,Enabled,ActionOnPurge)"
"VALUES ('%s','%s',0,%u,%s,%s,%d,%s,%s,%u,%u,'%s',%d,%s,%d,%s,%s,%d,0,0,%d,%s,"
"%s,%s,%s,%s,%d,%d)",
- mr->VolumeName,
- mr->MediaType, mr->PoolId,
+ esc_name,
+ esc_mtype, mr->PoolId,
edit_uint64(mr->MaxVolBytes,ed1),
edit_uint64(mr->VolCapacityBytes, ed2),
mr->Recycle,
edit_uint64(mr->VolUseDuration, ed4),
mr->MaxVolJobs,
mr->MaxVolFiles,
- mr->VolStatus,
+ esc_status,
mr->Slot,
edit_uint64(mr->VolBytes, ed5),
mr->InChanger,
int stat;
char ed1[50], ed2[50];
int num_rows;
+ char esc_name[MAX_ESCAPE_NAME_LENGTH];
+ char esc_uname[MAX_ESCAPE_NAME_LENGTH];
db_lock(mdb);
- Mmsg(mdb->cmd, "SELECT ClientId,Uname FROM Client WHERE Name='%s'", cr->Name);
+ mdb->db_escape_string(jcr, esc_name, cr->Name, strlen(cr->Name));
+ mdb->db_escape_string(jcr, esc_uname, cr->Uname, strlen(cr->Uname));
+ Mmsg(mdb->cmd, "SELECT ClientId,Uname FROM Client WHERE Name='%s'",esc_name);
cr->ClientId = 0;
if (QUERY_DB(jcr, mdb, mdb->cmd)) {
/* Must create it */
Mmsg(mdb->cmd, "INSERT INTO Client (Name,Uname,AutoPrune,"
"FileRetention,JobRetention) VALUES "
-"('%s','%s',%d,%s,%s)", cr->Name, cr->Uname, cr->AutoPrune,
+"('%s','%s',%d,%s,%s)", esc_name, esc_uname, cr->AutoPrune,
edit_uint64(cr->FileRetention, ed1),
edit_uint64(cr->JobRetention, ed2));
*/
int db_create_counter_record(JCR *jcr, B_DB *mdb, COUNTER_DBR *cr)
{
+ char esc[MAX_ESCAPE_NAME_LENGTH];
COUNTER_DBR mcr;
int stat;
db_unlock(mdb);
return 1;
}
-
+ mdb->db_escape_string(jcr, esc, cr->Counter, strlen(cr->Counter));
/* Must create it */
Mmsg(mdb->cmd, "INSERT INTO Counters (Counter,\"MinValue\",\"MaxValue\",CurrentValue,"
"WrapCounter) VALUES ('%s','%d','%d','%d','%s')",
- cr->Counter, cr->MinValue, cr->MaxValue, cr->CurrentValue,
- cr->WrapCounter);
+ esc, cr->MinValue, cr->MaxValue, cr->CurrentValue,
+ cr->WrapCounter);
if (!INSERT_DB(jcr, mdb, mdb->cmd)) {
Mmsg2(&mdb->errmsg, _("Create DB Counters record %s failed. ERR=%s\n"),
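Review bot: `cr->WrapCounter` is still formatted into the last quoted `'%s'` slot of this INSERT without passing through `db_escape_string`; only `cr->Counter` was switched to `esc`. The same gap is in the `db_update_counter_record` hunk further down, where `WrapCounter='%s'` receives `cr->WrapCounter` unchanged. Escape it alongside the counter name, for example `char esc_wrap[MAX_ESCAPE_NAME_LENGTH];` plus `mdb->db_escape_string(jcr, esc_wrap, cr->WrapCounter, strlen(cr->WrapCounter));`, and pass `esc_wrap` to `Mmsg`. The function body runs past the end of this hunk.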
bool stat;
struct tm tm;
int num_rows;
+ char esc_fs[MAX_ESCAPE_NAME_LENGTH];
+ char esc_md5[MAX_ESCAPE_NAME_LENGTH];
+ /* TODO: Escape FileSet and MD5 */
db_lock(mdb);
fsr->created = false;
+ mdb->db_escape_string(jcr, esc_fs, fsr->FileSet, strlen(fsr->FileSet));
+ mdb->db_escape_string(jcr, esc_md5, fsr->MD5, strlen(fsr->MD5));
Mmsg(mdb->cmd, "SELECT FileSetId,CreateTime FROM FileSet WHERE "
-"FileSet='%s' AND MD5='%s'", fsr->FileSet, fsr->MD5);
+ "FileSet='%s' AND MD5='%s'", esc_fs, esc_md5);
fsr->FileSetId = 0;
if (QUERY_DB(jcr, mdb, mdb->cmd)) {
/* Must create it */
Mmsg(mdb->cmd, "INSERT INTO FileSet (FileSet,MD5,CreateTime) "
-"VALUES ('%s','%s','%s')", fsr->FileSet, fsr->MD5, fsr->cCreateTime);
+"VALUES ('%s','%s','%s')", esc_fs, esc_md5, fsr->cCreateTime);
fsr->FileSetId = sql_insert_autokey_record(mdb, mdb->cmd, NT_("FileSet"));
if (fsr->FileSetId == 0) {
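Review bot: The added comment `/* TODO: Escape FileSet and MD5 */` is already out of date when it lands, because the two `db_escape_string` calls a few lines below do exactly that and both queries now use `esc_fs` and `esc_md5`. Drop it, or replace it with what is still open: `fsr->cCreateTime` is the one string that still goes raw into the INSERT's `'%s'`, so something like `/* cCreateTime is not escaped; it must only ever hold a program-formatted timestamp */` would be accurate. Whether that field is always program-generated cannot be seen from this hunk, so confirm it before relying on the comment.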
{
SQL_ROW row;
int num_rows;
+ char esc[MAX_ESCAPE_NAME_LENGTH];
db_lock(mdb);
- Mmsg(mdb->cmd, "SELECT PoolId FROM Pool WHERE Name='%s'", pr->Name);
+ mdb->db_escape_string(jcr, esc, pr->Name, strlen(pr->Name));
+ Mmsg(mdb->cmd, "SELECT PoolId FROM Pool WHERE Name='%s'", esc);
Dmsg1(10, "selectpool: %s\n", mdb->cmd);
pr->PoolId = pr->NumVols = 0;
{
SQL_ROW row;
char ed1[50], ed2[50];
+ char esc_name[MAX_ESCAPE_NAME_LENGTH];
db_lock(mdb);
-
+ mdb->db_escape_string(jcr, esc_name, jr->Name, strlen(jr->Name));
pm_strcpy(stime, "0000-00-00 00:00:00"); /* default */
/* If no Id given, we must find corresponding job */
if (jr->JobId == 0) {
"SELECT StartTime FROM Job WHERE JobStatus IN ('T','W') AND Type='%c' AND "
"Level='%c' AND Name='%s' AND ClientId=%s AND FileSetId=%s "
"ORDER BY StartTime DESC LIMIT 1",
- jr->JobType, L_FULL, jr->Name,
+ jr->JobType, L_FULL, esc_name,
edit_int64(jr->ClientId, ed1), edit_int64(jr->FileSetId, ed2));
if (jr->JobLevel == L_DIFFERENTIAL) {
"SELECT StartTime FROM Job WHERE JobStatus IN ('T','W') AND Type='%c' AND "
"Level IN ('%c','%c','%c') AND Name='%s' AND ClientId=%s "
"AND FileSetId=%s ORDER BY StartTime DESC LIMIT 1",
- jr->JobType, L_INCREMENTAL, L_DIFFERENTIAL, L_FULL, jr->Name,
+ jr->JobType, L_INCREMENTAL, L_DIFFERENTIAL, L_FULL, esc_name,
edit_int64(jr->ClientId, ed1), edit_int64(jr->FileSetId, ed2));
} else {
Mmsg1(mdb->errmsg, _("Unknown level=%d\n"), jr->JobLevel);
{
SQL_ROW row;
char ed1[50], ed2[50];
+ char esc_name[MAX_ESCAPE_NAME_LENGTH];
db_lock(mdb);
-
+ mdb->db_escape_string(jcr, esc_name, jr->Name, strlen(jr->Name));
pm_strcpy(stime, "0000-00-00 00:00:00"); /* default */
Mmsg(mdb->cmd,
"SELECT StartTime FROM Job WHERE JobStatus IN ('T','W') AND Type='%c' AND "
"Level='%c' AND Name='%s' AND ClientId=%s AND FileSetId=%s "
"ORDER BY StartTime DESC LIMIT 1",
- jr->JobType, JobLevel, jr->Name,
+ jr->JobType, JobLevel, esc_name,
edit_int64(jr->ClientId, ed1), edit_int64(jr->FileSetId, ed2));
if (!QUERY_DB(jcr, mdb, mdb->cmd)) {
Mmsg2(&mdb->errmsg, _("Query error for start time request: ERR=%s\nCMD=%s\n"),
{
SQL_ROW row;
char ed1[50], ed2[50];
+ char esc_name[MAX_ESCAPE_NAME_LENGTH];
db_lock(mdb);
+ mdb->db_escape_string(jcr, esc_name, jr->Name, strlen(jr->Name));
+
/* Differential is since last Full backup */
Mmsg(mdb->cmd,
"SELECT Level FROM Job WHERE JobStatus NOT IN ('T','W') AND "
"Type='%c' AND Level IN ('%c','%c') AND Name='%s' AND ClientId=%s "
"AND FileSetId=%s AND StartTime>'%s' "
"ORDER BY StartTime DESC LIMIT 1",
- jr->JobType, L_FULL, L_DIFFERENTIAL, jr->Name,
+ jr->JobType, L_FULL, L_DIFFERENTIAL, esc_name,
edit_int64(jr->ClientId, ed1), edit_int64(jr->FileSetId, ed2),
stime);
if (!QUERY_DB(jcr, mdb, mdb->cmd)) {
{
SQL_ROW row;
char ed1[50];
+ char esc_name[MAX_ESCAPE_NAME_LENGTH];
- /* Find last full */
db_lock(mdb);
+ /* Find last full */
Dmsg2(100, "JobLevel=%d JobType=%d\n", jr->JobLevel, jr->JobType);
if (jr->JobLevel == L_VERIFY_CATALOG) {
+ mdb->db_escape_string(jcr, esc_name, jr->Name, strlen(jr->Name));
Mmsg(mdb->cmd,
"SELECT JobId FROM Job WHERE Type='V' AND Level='%c' AND "
" JobStatus IN ('T','W') AND Name='%s' AND "
"ClientId=%s ORDER BY StartTime DESC LIMIT 1",
- L_VERIFY_INIT, jr->Name,
+ L_VERIFY_INIT, esc_name,
edit_int64(jr->ClientId, ed1));
} else if (jr->JobLevel == L_VERIFY_VOLUME_TO_CATALOG ||
jr->JobLevel == L_VERIFY_DISK_TO_CATALOG ||
jr->JobType == JT_BACKUP) {
if (Name) {
+ mdb->db_escape_string(jcr, esc_name, (char*)Name,
+ MIN(strlen(Name), sizeof(esc_name)));
Mmsg(mdb->cmd,
"SELECT JobId FROM Job WHERE Type='B' AND JobStatus IN ('T','W') AND "
-"Name='%s' ORDER BY StartTime DESC LIMIT 1", Name);
+"Name='%s' ORDER BY StartTime DESC LIMIT 1", esc_name);
} else {
Mmsg(mdb->cmd,
"SELECT JobId FROM Job WHERE Type='B' AND JobStatus IN ('T','W') AND "
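Review bot: The length clamp on the `Name` escape does not protect `esc_name`, because `MIN(strlen(Name), sizeof(esc_name))` limits the input to the size of the output buffer. The size-checked call sites in this change reserve `len*2+1` bytes for the escaped result, so a `Name` close to `sizeof(esc_name)` bytes can be expanded to about twice the array size on the stack. Clamp to what the buffer can hold after escaping, `MIN(strlen(Name), (sizeof(esc_name) - 1) / 2)`, or reject an over-long `Name` before the query is built. The function continues outside this hunk, so where `Name` comes from and whether it is already bounded is not visible here.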
SQL_ROW row = NULL;
int numrows;
const char *order;
-
+ char esc_type[MAX_ESCAPE_NAME_LENGTH];
+ char esc_status[MAX_ESCAPE_NAME_LENGTH];
char ed1[50];
db_lock(mdb);
+ mdb->db_escape_string(jcr, esc_type, mr->MediaType, strlen(mr->MediaType));
+ mdb->db_escape_string(jcr, esc_status, mr->VolStatus, strlen(mr->VolStatus));
+
if (item == -1) { /* find oldest volume */
/* Find oldest volume */
Mmsg(mdb->cmd, "SELECT MediaId,VolumeName,VolJobs,VolFiles,VolBlocks,"
"FROM Media WHERE PoolId=%s AND MediaType='%s' AND VolStatus IN ('Full',"
"'Recycle','Purged','Used','Append') AND Enabled=1 "
"ORDER BY LastWritten LIMIT 1",
- edit_int64(mr->PoolId, ed1), mr->MediaType);
+ edit_int64(mr->PoolId, ed1), esc_type);
item = 1;
} else {
POOL_MEM changer(PM_FNAME);
"AND VolStatus='%s' "
"%s "
"%s LIMIT %d",
- edit_int64(mr->PoolId, ed1), mr->MediaType,
- mr->VolStatus, changer.c_str(), order, item);
+ edit_int64(mr->PoolId, ed1), esc_type,
+ esc_status, changer.c_str(), order, item);
}
Dmsg1(050, "fnextvol=%s\n", mdb->cmd);
if (!QUERY_DB(jcr, mdb, mdb->cmd)) {
{
SQL_ROW row;
char ed1[50];
+ char esc[MAX_ESCAPE_NAME_LENGTH];
db_lock(mdb);
if (jr->JobId == 0) {
+ mdb->db_escape_string(jcr, esc, jr->Job, strlen(jr->Job));
Mmsg(mdb->cmd, "SELECT VolSessionId,VolSessionTime,"
"PoolId,StartTime,EndTime,JobFiles,JobBytes,JobTDate,Job,JobStatus,"
"Type,Level,ClientId,Name,PriorJobId,RealEndTime,JobId,FileSetId,"
"SchedTime,RealEndTime,ReadBytes,HasBase,PurgedFiles "
-"FROM Job WHERE Job='%s'", jr->Job);
+"FROM Job WHERE Job='%s'", esc);
} else {
Mmsg(mdb->cmd, "SELECT VolSessionId,VolSessionTime,"
"PoolId,StartTime,EndTime,JobFiles,JobBytes,JobTDate,Job,JobStatus,"
bool ok = false;
char ed1[50];
int num_rows;
+ char esc[MAX_ESCAPE_NAME_LENGTH];
db_lock(mdb);
if (pdbr->PoolId != 0) { /* find by id */
"ActionOnPurge FROM Pool WHERE Pool.PoolId=%s",
edit_int64(pdbr->PoolId, ed1));
} else { /* find by name */
+ mdb->db_escape_string(jcr, esc, pdbr->Name, strlen(pdbr->Name));
Mmsg(mdb->cmd,
"SELECT PoolId,Name,NumVols,MaxVols,UseOnce,UseCatalog,AcceptAnyVolume,"
"AutoPrune,Recycle,VolRetention,VolUseDuration,MaxVolJobs,MaxVolFiles,"
"MaxVolBytes,PoolType,LabelType,LabelFormat,RecyclePoolId,ScratchPoolId,"
-"ActionOnPurge FROM Pool WHERE Pool.Name='%s'",
- pdbr->Name);
+"ActionOnPurge FROM Pool WHERE Pool.Name='%s'", esc);
}
if (QUERY_DB(jcr, mdb, mdb->cmd)) {
num_rows = sql_num_rows(mdb);
int stat = 0;
char ed1[50];
int num_rows;
+ char esc[MAX_ESCAPE_NAME_LENGTH];
db_lock(mdb);
if (cdbr->ClientId != 0) { /* find by id */
"FROM Client WHERE Client.ClientId=%s",
edit_int64(cdbr->ClientId, ed1));
} else { /* find by name */
+ mdb->db_escape_string(jcr, esc, cdbr->Name, strlen(cdbr->Name));
Mmsg(mdb->cmd,
"SELECT ClientId,Name,Uname,AutoPrune,FileRetention,JobRetention "
-"FROM Client WHERE Client.Name='%s'", cdbr->Name);
+"FROM Client WHERE Client.Name='%s'", esc);
}
if (QUERY_DB(jcr, mdb, mdb->cmd)) {
{
SQL_ROW row;
int num_rows;
+ char esc[MAX_ESCAPE_NAME_LENGTH];
db_lock(mdb);
+ mdb->db_escape_string(jcr, esc, cr->Counter, strlen(cr->Counter));
+
Mmsg(mdb->cmd, "SELECT \"MinValue\",\"MaxValue\",CurrentValue,WrapCounter "
- "FROM Counters WHERE Counter='%s'", cr->Counter);
+ "FROM Counters WHERE Counter='%s'", esc);
if (QUERY_DB(jcr, mdb, mdb->cmd)) {
num_rows = sql_num_rows(mdb);
int stat = 0;
char ed1[50];
int num_rows;
+ char esc[MAX_ESCAPE_NAME_LENGTH];
db_lock(mdb);
if (fsr->FileSetId != 0) { /* find by id */
"WHERE FileSetId=%s",
edit_int64(fsr->FileSetId, ed1));
} else { /* find by name */
+ mdb->db_escape_string(jcr, esc, fsr->FileSet, strlen(fsr->FileSet));
Mmsg(mdb->cmd,
"SELECT FileSetId,FileSet,MD5,CreateTime FROM FileSet "
- "WHERE FileSet='%s' ORDER BY CreateTime DESC LIMIT 1", fsr->FileSet);
+ "WHERE FileSet='%s' ORDER BY CreateTime DESC LIMIT 1", esc);
}
if (QUERY_DB(jcr, mdb, mdb->cmd)) {
char ed1[50];
bool ok = false;
int num_rows;
+ char esc[MAX_ESCAPE_NAME_LENGTH];
db_lock(mdb);
if (mr->MediaId == 0 && mr->VolumeName[0] == 0) {
"FROM Media WHERE MediaId=%s",
edit_int64(mr->MediaId, ed1));
} else { /* find by name */
+ mdb->db_escape_string(jcr, esc, mr->VolumeName, strlen(mr->VolumeName));
Mmsg(mdb->cmd, "SELECT MediaId,VolumeName,VolJobs,VolFiles,VolBlocks,"
"VolBytes,VolMounts,VolErrors,VolWrites,MaxVolBytes,VolCapacityBytes,"
"MediaType,VolStatus,PoolId,VolRetention,VolUseDuration,MaxVolJobs,"
"EndFile,EndBlock,VolParts,LabelType,LabelDate,StorageId,"
"Enabled,LocationId,RecycleCount,InitialWrite,"
"ScratchPoolId,RecyclePoolId,VolReadTime,VolWriteTime,ActionOnPurge "
- "FROM Media WHERE VolumeName='%s'", mr->VolumeName);
+ "FROM Media WHERE VolumeName='%s'", esc);
}
if (QUERY_DB(jcr, mdb, mdb->cmd)) {
utime_t StartTime;
db_int64_ctx lctx;
char date[MAX_TIME_LENGTH];
+ char esc[MAX_ESCAPE_NAME_LENGTH];
bool ret=false;
// char clientid[50], filesetid[50];
*jobid = 0;
StartTime = (jr->StartTime)?jr->StartTime:time(NULL);
bstrutime(date, sizeof(date), StartTime + 1);
-
+ mdb->db_escape_string(jcr, esc, jr->Name, strlen(jr->Name));
+
/* we can take also client name, fileset, etc... */
Mmsg(query,
// "AND Client.Name = '%s' "
"AND StartTime<'%s' "
"ORDER BY Job.JobTDate DESC LIMIT 1",
- jr->Name,
+ esc,
// edit_uint64(jr->ClientId, clientid),
// edit_uint64(jr->FileSetId, filesetid));
date);
db_list_pool_records(JCR *jcr, B_DB *mdb, POOL_DBR *pdbr,
DB_LIST_HANDLER *sendit, void *ctx, e_list_type type)
{
+ char esc[MAX_ESCAPE_NAME_LENGTH];
LIST_CTX lctx(jcr, mdb, sendit, ctx, type);
db_lock(mdb);
+ mdb->db_escape_string(jcr, esc, pdbr->Name, strlen(pdbr->Name));
+
if (type == VERT_LIST) {
if (pdbr->Name[0] != 0) {
Mmsg(mdb->cmd, "SELECT PoolId,Name,NumVols,MaxVols,UseOnce,UseCatalog,"
"AcceptAnyVolume,VolRetention,VolUseDuration,MaxVolJobs,MaxVolBytes,"
"AutoPrune,Recycle,PoolType,LabelFormat,Enabled,ScratchPoolId,"
"RecyclePoolId,LabelType "
- " FROM Pool WHERE Name='%s'", pdbr->Name);
+ " FROM Pool WHERE Name='%s'", esc);
} else {
Mmsg(mdb->cmd, "SELECT PoolId,Name,NumVols,MaxVols,UseOnce,UseCatalog,"
"AcceptAnyVolume,VolRetention,VolUseDuration,MaxVolJobs,MaxVolBytes,"
} else {
if (pdbr->Name[0] != 0) {
Mmsg(mdb->cmd, "SELECT PoolId,Name,NumVols,MaxVols,PoolType,LabelFormat "
- "FROM Pool WHERE Name='%s'", pdbr->Name);
+ "FROM Pool WHERE Name='%s'", esc);
} else {
Mmsg(mdb->cmd, "SELECT PoolId,Name,NumVols,MaxVols,PoolType,LabelFormat "
"FROM Pool ORDER BY PoolId");
DB_LIST_HANDLER *sendit, void *ctx, e_list_type type)
{
char ed1[50];
+ char esc[MAX_ESCAPE_NAME_LENGTH];
LIST_CTX lctx(jcr, mdb, sendit, ctx, type);
db_lock(mdb);
+ mdb->db_escape_string(jcr, esc, mdbr->VolumeName, strlen(mdbr->VolumeName));
+
if (type == VERT_LIST) {
if (mdbr->VolumeName[0] != 0) {
Mmsg(mdb->cmd, "SELECT MediaId,VolumeName,Slot,PoolId,"
"EndFile,EndBlock,VolParts,LabelType,StorageId,DeviceId,"
"LocationId,RecycleCount,InitialWrite,ScratchPoolId,RecyclePoolId, "
"Comment"
- " FROM Media WHERE Media.VolumeName='%s'", mdbr->VolumeName);
+ " FROM Media WHERE Media.VolumeName='%s'", esc);
} else {
Mmsg(mdb->cmd, "SELECT MediaId,VolumeName,Slot,PoolId,"
"MediaType,FirstWritten,LastWritten,LabelDate,VolJobs,"
if (mdbr->VolumeName[0] != 0) {
Mmsg(mdb->cmd, "SELECT MediaId,VolumeName,VolStatus,Enabled,"
"VolBytes,VolFiles,VolRetention,Recycle,Slot,InChanger,MediaType,LastWritten "
- "FROM Media WHERE Media.VolumeName='%s'", mdbr->VolumeName);
+ "FROM Media WHERE Media.VolumeName='%s'", esc);
} else {
Mmsg(mdb->cmd, "SELECT MediaId,VolumeName,VolStatus,Enabled,"
"VolBytes,VolFiles,VolRetention,Recycle,Slot,InChanger,MediaType,LastWritten "
{
char ed1[50];
char limit[100];
+ char esc[MAX_ESCAPE_NAME_LENGTH];
LIST_CTX lctx(jcr, mdb, sendit, ctx, type);
db_lock(mdb);
}
} else {
if (jr->Name[0] != 0) {
+ mdb->db_escape_string(jcr, esc, jr->Name, strlen(jr->Name));
Mmsg(mdb->cmd,
- "SELECT JobId,Name,StartTime,Type,Level,JobFiles,JobBytes,JobStatus "
- "FROM Job WHERE Name='%s' ORDER BY StartTime,JobId ASC", jr->Name);
+ "SELECT JobId,Name,StartTime,Type,Level,JobFiles,JobBytes,JobStatus "
+ "FROM Job WHERE Name='%s' ORDER BY StartTime,JobId ASC", esc);
} else if (jr->Job[0] != 0) {
+ mdb->db_escape_string(jcr, esc, jr->Job, strlen(jr->Job));
Mmsg(mdb->cmd,
"SELECT JobId,Name,StartTime,Type,Level,JobFiles,JobBytes,JobStatus "
- "FROM Job WHERE Job='%s' ORDER BY StartTime,JobId ASC", jr->Job);
+ "FROM Job WHERE Job='%s' ORDER BY StartTime,JobId ASC", esc);
} else if (jr->JobId != 0) {
Mmsg(mdb->cmd,
"SELECT JobId,Name,StartTime,Type,Level,JobFiles,JobBytes,JobStatus "
db_add_digest_to_file_record(JCR *jcr, B_DB *mdb, FileId_t FileId, char *digest,
int type)
{
- int stat;
+ int ret;
char ed1[50];
+ int len = strlen(digest);
db_lock(mdb);
- Mmsg(mdb->cmd, "UPDATE File SET MD5='%s' WHERE FileId=%s", digest,
- edit_int64(FileId, ed1));
- stat = UPDATE_DB(jcr, mdb, mdb->cmd);
+ mdb->esc_name = check_pool_memory_size(mdb->esc_name, len*2+1);
+ mdb->db_escape_string(jcr, mdb->esc_name, digest, len);
+ Mmsg(mdb->cmd, "UPDATE File SET MD5='%s' WHERE FileId=%s", mdb->esc_name,
+ edit_int64(FileId, ed1));
+ ret = UPDATE_DB(jcr, mdb, mdb->cmd);
db_unlock(mdb);
- return stat;
+ return ret;
}
/* Mark the file record as being visited during database
{
int stat;
char ed1[50], ed2[50];
+ char esc_name[MAX_ESCAPE_NAME_LENGTH];
+ char esc_uname[MAX_ESCAPE_NAME_LENGTH];
CLIENT_DBR tcr;
db_lock(mdb);
return 0;
}
+ mdb->db_escape_string(jcr, esc_name, cr->Name, strlen(cr->Name));
+ mdb->db_escape_string(jcr, esc_uname, cr->Uname, strlen(cr->Uname));
Mmsg(mdb->cmd,
"UPDATE Client SET AutoPrune=%d,FileRetention=%s,JobRetention=%s,"
"Uname='%s' WHERE Name='%s'",
cr->AutoPrune,
edit_uint64(cr->FileRetention, ed1),
edit_uint64(cr->JobRetention, ed2),
- cr->Uname, cr->Name);
+ esc_uname, esc_name);
stat = UPDATE_DB(jcr, mdb, mdb->cmd);
db_unlock(mdb);
*/
int db_update_counter_record(JCR *jcr, B_DB *mdb, COUNTER_DBR *cr)
{
+ char esc[MAX_ESCAPE_NAME_LENGTH];
db_lock(mdb);
-
+ mdb->db_escape_string(jcr, esc, cr->Counter, strlen(cr->Counter));
Mmsg(mdb->cmd,
"UPDATE Counters SET \"MinValue\"=%d,\"MaxValue\"=%d,CurrentValue=%d,"
"WrapCounter='%s' WHERE Counter='%s'",
cr->MinValue, cr->MaxValue, cr->CurrentValue,
- cr->WrapCounter, cr->Counter);
+ cr->WrapCounter, esc);
int stat = UPDATE_DB(jcr, mdb, mdb->cmd);
db_unlock(mdb);
{
int stat;
char ed1[50], ed2[50], ed3[50], ed4[50], ed5[50], ed6[50];
+ char esc[MAX_ESCAPE_NAME_LENGTH];
db_lock(mdb);
+ mdb->db_escape_string(jcr, esc, pr->LabelFormat, strlen(pr->LabelFormat));
+
Mmsg(mdb->cmd, "SELECT count(*) from Media WHERE PoolId=%s",
edit_int64(pr->PoolId, ed4));
pr->NumVols = get_sql_record_max(jcr, mdb);
pr->MaxVolJobs, pr->MaxVolFiles,
edit_uint64(pr->MaxVolBytes, ed3),
pr->Recycle, pr->AutoPrune, pr->LabelType,
- pr->LabelFormat, edit_int64(pr->RecyclePoolId,ed5),
+ esc, edit_int64(pr->RecyclePoolId,ed5),
edit_int64(pr->ScratchPoolId,ed6),
pr->ActionOnPurge,
ed4);
char ed1[50], ed2[50], ed3[50], ed4[50];
char ed5[50], ed6[50], ed7[50], ed8[50];
char ed9[50], ed10[50], ed11[50];
-
+ char esc_name[MAX_ESCAPE_NAME_LENGTH];
+ char esc_status[MAX_ESCAPE_NAME_LENGTH];
Dmsg1(100, "update_media: FirstWritten=%d\n", mr->FirstWritten);
db_lock(mdb);
+ mdb->db_escape_string(jcr, esc_name, mr->VolumeName, strlen(mr->VolumeName));
+ mdb->db_escape_string(jcr, esc_status, mr->VolStatus, strlen(mr->VolStatus));
+
if (mr->set_first_written) {
Dmsg1(400, "Set FirstWritten Vol=%s\n", mr->VolumeName);
ttime = mr->FirstWritten;
(void)localtime_r(&ttime, &tm);
strftime(dt, sizeof(dt), "%Y-%m-%d %H:%M:%S", &tm);
Mmsg(mdb->cmd, "UPDATE Media SET FirstWritten='%s'"
- " WHERE VolumeName='%s'", dt, mr->VolumeName);
+ " WHERE VolumeName='%s'", dt, esc_name);
stat = UPDATE_DB(jcr, mdb, mdb->cmd);
Dmsg1(400, "Firstwritten=%d\n", mr->FirstWritten);
}
(void)localtime_r(&ttime, &tm);
strftime(dt, sizeof(dt), "%Y-%m-%d %H:%M:%S", &tm);
Mmsg(mdb->cmd, "UPDATE Media SET LabelDate='%s' "
- "WHERE VolumeName='%s'", dt, mr->VolumeName);
+ "WHERE VolumeName='%s'", dt, esc_name);
UPDATE_DB(jcr, mdb, mdb->cmd);
}
(void)localtime_r(&ttime, &tm);
strftime(dt, sizeof(dt), "%Y-%m-%d %H:%M:%S", &tm);
Mmsg(mdb->cmd, "UPDATE Media Set LastWritten='%s' "
- "WHERE VolumeName='%s'", dt, mr->VolumeName);
+ "WHERE VolumeName='%s'", dt, esc_name);
UPDATE_DB(jcr, mdb, mdb->cmd);
}
mr->VolJobs, mr->VolFiles, mr->VolBlocks, edit_uint64(mr->VolBytes, ed1),
mr->VolMounts, mr->VolErrors, mr->VolWrites,
edit_uint64(mr->MaxVolBytes, ed2),
- mr->VolStatus, mr->Slot, mr->InChanger,
+ esc_status, mr->Slot, mr->InChanger,
edit_int64(mr->VolReadTime, ed3),
edit_int64(mr->VolWriteTime, ed4),
mr->VolParts,
edit_uint64(mr->ScratchPoolId, ed10),
edit_uint64(mr->RecyclePoolId, ed11),
mr->RecycleCount,mr->Recycle, mr->ActionOnPurge,
- mr->VolumeName);
+ esc_name);
Dmsg1(400, "%s\n", mdb->cmd);
{
int stat;
char ed1[50], ed2[50], ed3[50], ed4[50], ed5[50];
-
+ char esc[MAX_ESCAPE_NAME_LENGTH];
db_lock(mdb);
if (mr->VolumeName[0]) {
+ mdb->db_escape_string(jcr, esc, mr->VolumeName, strlen(mr->VolumeName));
Mmsg(mdb->cmd, "UPDATE Media SET "
"ActionOnPurge=%d, Recycle=%d,VolRetention=%s,VolUseDuration=%s,"
"MaxVolJobs=%u,MaxVolFiles=%u,MaxVolBytes=%s,RecyclePoolId=%s"
mr->MaxVolJobs, mr->MaxVolFiles,
edit_uint64(mr->MaxVolBytes, ed3),
edit_uint64(mr->RecyclePoolId, ed4),
- mr->VolumeName);
+ esc);
} else {
Mmsg(mdb->cmd, "UPDATE Media SET "
"ActionOnPurge=%d, Recycle=%d,VolRetention=%s,VolUseDuration=%s,"
db_make_inchanger_unique(JCR *jcr, B_DB *mdb, MEDIA_DBR *mr)
{
char ed1[50], ed2[50];
+ char esc[MAX_ESCAPE_NAME_LENGTH];
if (mr->InChanger != 0 && mr->Slot != 0 && mr->StorageId != 0) {
if (mr->MediaId != 0) {
edit_int64(mr->StorageId, ed1), edit_int64(mr->MediaId, ed2));
} else if (*mr->VolumeName) {
+ mdb->db_escape_string(jcr, esc,mr->VolumeName,strlen(mr->VolumeName));
Mmsg(mdb->cmd, "UPDATE Media SET InChanger=0, Slot=0 WHERE "
"Slot=%d AND StorageId=%s AND VolumeName!='%s'",
mr->Slot,
- edit_int64(mr->StorageId, ed1), mr->VolumeName);
+ edit_int64(mr->StorageId, ed1), esc);
} else { /* used by ua_label to reset all volume with this slot */
Mmsg(mdb->cmd, "UPDATE Media SET InChanger=0, Slot=0 WHERE "