php-src/main/php_odbc_utils.c at PHP-8.3.17 · php/php-src · GitHub

Name: php-src/main/php_odbc_utils.c at PHP-8.3.17 · php/php-src · GitHub
Rating: 4.8 (4982 reviews)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
/*
 +----------------------------------------------------------------------+
 | Copyright (c) The PHP Group |
 +----------------------------------------------------------------------+
 | This source file is subject to version 3.01 of the PHP license, |
 | that is bundled with this package in the file LICENSE, and is |
 | available through the world-wide-web at the following url: |
 | https://www.php.net/license/3_01.txt |
 | If you did not receive a copy of the PHP license and are unable to |
 | obtain it through the world-wide-web, please send a note to |
 | license@php.net so we can mail you a copy immediately. |
 +----------------------------------------------------------------------+
 | Authors: Calvin Buckley <calvin@cmpct.info> |
 +----------------------------------------------------------------------+
*/

#ifdefHAVE_CONFIG_H
#include"config.h"
#endif

#include"php.h"

/*
 * This files contains functions shared between ext/pdo_odbc and ext/odbc,
 * relating to i.e. connection string quoting rules.
 *
 * The declarations are PHPAPI due to being available for shared/static
 * versions.
 */

/**
 * Determines if a string matches the ODBC quoting rules.
 *
 * A valid quoted string begins with a '{', ends with a '}', and has no '}'
 * inside of the string that aren't repeated (as to be escaped).
 *
 * These rules are what .NET also follows.
 */
PHPAPIboolphp_odbc_connstr_is_quoted(constchar*str)
{
/* ODBC quotes are curly braces */
if (str[0] !='{') {
return false;
 }
/* Check for } that aren't doubled up or at the end of the string */
size_tlength=strlen(str);
for (size_ti=0; i<length; i++) {
if (str[i] =='}'&&str[i+1] =='}') {
/* Skip over so we don't count it again */
i++;
 } elseif (str[i] =='}'&&str[i+1] !='\0') {
/* If not at the end, not quoted */
return false;
 }
 }
return true;
}

/**
 * Determines if a value for a connection string should be quoted.
 *
 * The ODBC specification mentions:
 * "Because of connection string and initialization file grammar, keywords and
 * attribute values that contain the characters []{}(),;?*=!@ not enclosed
 * with braces should be avoided."
 *
 * Note that it assumes that the string is *not* already quoted. You should
 * check beforehand.
 */
PHPAPIboolphp_odbc_connstr_should_quote(constchar*str)
{
returnstrpbrk(str, "[]{}(),;?*=!@") !=NULL;
}

/**
 * Estimates the worst-case scenario for a quoted version of a string's size.
 */
PHPAPIsize_tphp_odbc_connstr_estimate_quote_length(constchar*in_str)
{
/* Assume all '}'. Include '{,' '}', and the null terminator too */
return (strlen(in_str) *2) +3;
}

/**
 * Quotes a string with ODBC rules.
 *
 * Some characters (curly braces, semicolons) are special and must be quoted.
 * In the case of '}' in a quoted string, they must be escaped SQL style; that
 * is, repeated.
 */
PHPAPIsize_tphp_odbc_connstr_quote(char*out_str, constchar*in_str, size_tout_str_size)
{
*out_str++='{';
out_str_size--;
while (out_str_size>2) {
if (*in_str=='\0') {
break;
 } elseif (*in_str=='}'&&out_str_size-1>2) {
/* enough room to append */
*out_str++='}';
*out_str++=*in_str++;
out_str_size-=2;
 } elseif (*in_str=='}') {
/* not enough, truncate here */
break;
 } else {
*out_str++=*in_str++;
out_str_size--;
 }
 }
/* append termination */
*out_str++='}';
*out_str++='\0';
out_str_size-=2;
/* return how many characters were left */
returnstrlen(in_str);
}