my_name_is(0, NULL, director->hdr.name); /* set user defined name */
/* Plug database interface for library routines */
- p_sql_query = (sql_query)dir_sql_query;
+ p_sql_query = (sql_query)dir_sql_query;
+ p_sql_escape = (sql_escape)db_escape_string;
FDConnectTimeout = (int)director->FDConnectTimeout;
SDConnectTimeout = (int)director->SDConnectTimeout;
#include "jcr.h"
sql_query p_sql_query = NULL;
+sql_escape p_sql_escape = NULL;
#define FULL_LOCATION 1 /* set for file:line in Debug messages */
if (!jcr || !jcr->db) {
break;
}
- if (p_sql_query) {
- POOL_MEM cmd(PM_MESSAGE);
+ if (p_sql_query && p_sql_escape) {
+ POOLMEM *cmd = get_pool_memory(PM_MESSAGE);
+ POOLMEM *esc_msg = get_pool_memory(PM_MESSAGE);
+
+ int len = strlen(msg) + 1;
+ esc_msg = check_pool_memory_size(esc_msg, len*2+1);
+ p_sql_escape(esc_msg, msg, len);
+
bstrftimes(dt, sizeof(dt), mtime);
Mmsg(cmd, "INSERT INTO Log (JobId, Time, LogText) VALUES (%s,'%s','%s')",
- edit_int64(jcr->JobId, ed1), dt, msg);
- p_sql_query(jcr, cmd.c_str());
+ edit_int64(jcr->JobId, ed1), dt, esc_msg);
+ p_sql_query(jcr, cmd);
+
+ free_pool_memory(cmd);
+ free_pool_memory(esc_msg);
}
break;
case MD_CONSOLE:
bool get_trace(void);
typedef void (*sql_query)(JCR *jcr, const char *cmd);
+typedef void (*sql_escape)(char *snew, char *old, int len);
+
extern DLL_IMP_EXP sql_query p_sql_query;
+extern DLL_IMP_EXP sql_escape p_sql_escape;
extern DLL_IMP_EXP int debug_level;
extern DLL_IMP_EXP int verbose;