mirrors/php-src
0
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-11-23 01:44:06 +08:00
Code Issues Packages Projects Releases Wiki Activity
master
php-src/main/php_odbc_utils.h
Calvin Buckley 2920a26636
Quote when adding to connection string in (PDO_)ODBC 
Because the UID= and PWD= values are appended to the SQLDriverConnect
case when credentials are passed, we have to append them to the string
in case users are relying on this behaviour. However, they must be
quoted, or the arguments will be invalid (or possibly more injected).
This means users had to quote arguments or append credentials to the raw
connection string themselves.

It seems that ODBC quoting rules are consistent enough (and that
Microsoft trusts them enough to encode into the .NET BCL) that we can
actually check if the string is already quoted (in case a user is
already quoting because of this not being fixed), and if not, apply the
appropriate ODBC quoting rules.

This is because the code exists in main/, and are shared between
both ODBC extensions, so it doesn't make sense for it to only exist
in one or the other. There may be a better spot for it.

Closes GH-8307.
2022-05-27 16:56:44 +02:00

23 lines
1.3 KiB
C
Raw Permalink Blame History

/*
+----------------------------------------------------------------------+
| Copyright (c) The PHP Group |
+----------------------------------------------------------------------+
| This source file is subject to version 3.01 of the PHP license, |
| that is bundled with this package in the file LICENSE, and is |
| available through the world-wide-web at the following url: |
| https://www.php.net/license/3_01.txt |
| If you did not receive a copy of the PHP license and are unable to |
| obtain it through the world-wide-web, please send a note to |
| license@php.net so we can mail you a copy immediately. |
+----------------------------------------------------------------------+
| Authors: Calvin Buckley <calvin@cmpct.info> |
+----------------------------------------------------------------------+
*/
#include "php.h"
PHPAPI bool php_odbc_connstr_is_quoted(const char *str);
PHPAPI bool php_odbc_connstr_should_quote(const char *str);
PHPAPI size_t php_odbc_connstr_estimate_quote_length(const char *in_str);
PHPAPI size_t php_odbc_connstr_quote(char *out_str, const char *in_str, size_t out_str_size);
Reference in New Issue View Git Blame Copy Permalink