diff options
| -rw-r--r-- | src/modules/extra/m_mysql.cpp | 18 |
1 files changed, 12 insertions, 6 deletions
diff --git a/src/modules/extra/m_mysql.cpp b/src/modules/extra/m_mysql.cpp index 16c4485f3..b2bb44408 100644 --- a/src/modules/extra/m_mysql.cpp +++ b/src/modules/extra/m_mysql.cpp @@ -333,10 +333,15 @@ class SQLConnection : public SQLProvider if (param < p.size()) { std::string parm = p[param++]; - char buffer[MAXBUF]; - mysql_escape_string(buffer, parm.c_str(), parm.length()); + // In the worst case, each character may need to be encoded as using two bytes, + // and one byte is the terminating null + std::vector<char> buffer(parm.length() * 2 + 1); + + // The return value of mysql_escape_string() is the length of the encoded string, + // not including the terminating null + unsigned long escapedsize = mysql_escape_string(&buffer[0], parm.c_str(), parm.length()); // mysql_real_escape_string(connection, queryend, paramscopy[paramnum].c_str(), paramscopy[paramnum].length()); - res.append(buffer); + res.append(&buffer[0], escapedsize); } } } @@ -362,9 +367,10 @@ class SQLConnection : public SQLProvider if (it != p.end()) { std::string parm = it->second; - char buffer[MAXBUF]; - mysql_escape_string(buffer, parm.c_str(), parm.length()); - res.append(buffer); + // NOTE: See above + std::vector<char> buffer(parm.length() * 2 + 1); + unsigned long escapedsize = mysql_escape_string(&buffer[0], parm.c_str(), parm.length()); + res.append(&buffer[0], escapedsize); } } } |