diff options
| author | Tilghman Lesher <tilghman@meg.abyt.es> | 2005-12-27 02:02:23 +0000 |
|---|---|---|
| committer | Tilghman Lesher <tilghman@meg.abyt.es> | 2005-12-27 02:02:23 +0000 |
| commit | dd161bec3b0fc208ba3dbfc59cc182cadaa0c3fc (patch) | |
| tree | 78695566ff2240d3c05e57ce0387b21898da632d /configs | |
| parent | 63ed37defd389f67f1406f6defb4f8ffd653402a (diff) | |
Add SQL_ESC to allow single ticks to be escaped
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@7642 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Diffstat (limited to 'configs')
| -rw-r--r-- | configs/func_odbc.conf.sample | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/configs/func_odbc.conf.sample b/configs/func_odbc.conf.sample index 0c4a01517..bcf769e37 100644 --- a/configs/func_odbc.conf.sample +++ b/configs/func_odbc.conf.sample @@ -12,6 +12,11 @@ ; In addition, for write statements, you have ${VAL1}, ${VAL2} ... ${VALn} ; parsed, just like arguments, for the values. In addition, if you want the ; whole value, never mind the parsing, you can get that with ${VALUE}. +; +; +; If you have data which may potentially contain single ticks, you may wish +; to use the dialplan function SQL_ESC() to escape the data prior to its +; inclusion in the SQL statement. ; ODBC_SQL - Allow an SQL statement to be built entirely in the dialplan @@ -22,11 +27,11 @@ read=${ARG1} ; ODBC_ANTIGF - A blacklist. [ANTIGF] dsn=mysql1 -read=SELECT COUNT(*) FROM exgirlfriends WHERE callerid='${ARG1}' +read=SELECT COUNT(*) FROM exgirlfriends WHERE callerid='${SQL_ESC(${ARG1})}' ; ODBC_PRESENCE - Retrieve and update presence [PRESENCE] dsn=mysql1 -read=SELECT location FROM presence WHERE id='${ARG1}' -write=UPDATE presence SET location='${VAL1}' WHERE id='${ARG1}' +read=SELECT location FROM presence WHERE id='${SQL_ESC(${ARG1})}' +write=UPDATE presence SET location='${SQL_ESC(${VAL1})}' WHERE id='${SQL_ESC(${ARG1})}' |