From c3d0f7e4639d76e9753e965070fc5b613c1146fd Mon Sep 17 00:00:00 2001
From: Mark Spencer
Date: Sun, 17 Aug 2003 16:53:10 +0000
Subject: Escape fields going into MySQL CDR's
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@1358 65c4cc65-6c06-0410-ace0-fbb531ad65f3
---
 cdr/cdr_mysql.c | 40 ++++++++++++++++++++++++++++++++++++----
 1 file changed, 36 insertions(+), 4 deletions(-)
(limited to 'cdr')
diff --git a/cdr/cdr_mysql.c b/cdr/cdr_mysql.c
index a74756b24..fa435b0da 100755
--- a/cdr/cdr_mysql.c
+++ b/cdr/cdr_mysql.c
@@ -86,11 +86,43 @@ static int mysql_log(struct ast_cdr *cdr) } if (connected) { + char *clid=NULL, *dcontext=NULL, *channel=NULL, *dstchannel=NULL, *lastapp=NULL, *lastdata=NULL, *uniqueid=NULL; + + /* Maximum space needed would be if all characters needed to be escaped, plus a trailing NULL */ + if (clid = alloca(strlen(cdr->clid) * 2 + 1)) + mysql_real_escape_string(&mysql, clid, cdr->clid, strlen(cdr->clid)); + if (dcontext = alloca(strlen(cdr->dcontext) * 2 + 1)) + mysql_real_escape_string(&mysql, dcontext, cdr->dcontext, strlen(cdr->dcontext)); + if (channel = alloca(strlen(cdr->channel) * 2 + 1)) + mysql_real_escape_string(&mysql, channel, cdr->channel, strlen(cdr->channel)); + if (dstchannel = alloca(strlen(cdr->dstchannel) * 2 + 1)) + mysql_real_escape_string(&mysql, dstchannel, cdr->dstchannel, strlen(cdr->dstchannel)); + if (lastapp = alloca(strlen(cdr->lastapp) * 2 + 1)) + mysql_real_escape_string(&mysql, lastapp, cdr->lastapp, strlen(cdr->lastapp)); + if (lastdata = alloca(strlen(cdr->lastdata) * 2 + 1)) + mysql_real_escape_string(&mysql, lastdata, cdr->lastdata, strlen(cdr->lastdata)); +#ifdef MYSQL_LOGUNIQUEID + if (uniqueid = alloca(strlen(cdr->uniqueid) * 2 + 1)) + mysql_real_escape_string(&mysql, uniqueid, cdr->uniqueid, strlen(cdr->uniqueid)); +#endif + + /* Check for all alloca failures above at once */ +#ifdef MYSQL_LOGUNIQUEID + if ((!clid) || (!dcontext) || (!channel) || (!dstchannel) || (!lastapp) || (!lastdata) || (!uniqueid)) { +#else + if ((!clid) || (!dcontext) || (!channel) || (!dstchannel) || (!lastapp) || (!lastdata)) { +#endif + ast_log(LOG_ERROR, "cdr_mysql: Out of memory error (insert fails)\n"); + ast_mutex_unlock(&mysql_lock); + return -1; + } + ast_log(LOG_DEBUG,"cdr_mysql: inserting a CDR record.\n"); + #ifdef MYSQL_LOGUNIQUEID - sprintf(sqlcmd,"INSERT INTO cdr (calldate,clid,src,dst,dcontext,channel,dstchannel,lastapp,lastdata,duration,billsec,disposition,amaflags,accountcode,uniqueid) VALUES ('%s','%s','%s','%s','%s', 
'%s','%s','%s','%s',%i,%i,'%s',%i,'%s','%s')",timestr,cdr->clid,cdr->src, cdr->dst, cdr->dcontext,cdr->channel, cdr->dstchannel, cdr->lastapp, cdr->lastdata,cdr->duration,cdr->billsec,ast_cdr_disp2str(cdr->disposition),cdr->amaflags, cdr->accountcode, cdr->uniqueid);
+ sprintf(sqlcmd,"INSERT INTO cdr (calldate,clid,src,dst,dcontext,channel,dstchannel,lastapp,lastdata,duration,billsec,disposition,amaflags,accountcode,uniqueid) VALUES ('%s','%s','%s','%s','%s', '%s','%s','%s','%s',%i,%i,'%s',%i,'%s','%s')",timestr,clid,cdr->src, cdr->dst, dcontext,channel, dstchannel, lastapp, lastdata,cdr->duration,cdr->billsec,ast_cdr_disp2str(cdr->disposition),cdr->amaflags, cdr->accountcode, uniqueid);
 #else
- sprintf(sqlcmd,"INSERT INTO cdr (calldate,clid,src,dst,dcontext,channel,dstchannel,lastapp,lastdata,duration,billsec,disposition,amaflags,accountcode) VALUES ('%s','%s','%s','%s','%s', '%s','%s','%s','%s',%i,%i,'%s',%i,'%s')",timestr,cdr->clid,cdr->src, cdr->dst, cdr->dcontext,cdr->channel, cdr->dstchannel, cdr->lastapp, cdr->lastdata,cdr->duration,cdr->billsec,ast_cdr_disp2str(cdr->disposition),cdr->amaflags, cdr->accountcode);
+ sprintf(sqlcmd,"INSERT INTO cdr (calldate,clid,src,dst,dcontext,channel,dstchannel,lastapp,lastdata,duration,billsec,disposition,amaflags,accountcode) VALUES ('%s','%s','%s','%s','%s', '%s','%s','%s','%s',%i,%i,'%s',%i,'%s')",timestr,clid,cdr->src, cdr->dst, dcontext,channel, dstchannel, lastapp, lastdata,cdr->duration,cdr->billsec,ast_cdr_disp2str(cdr->disposition),cdr->amaflags, cdr->accountcode);
 #endif
 ast_log(LOG_DEBUG,"cdr_mysql: SQL command as follows: %s\n",sqlcmd);
@@ -175,7 +207,7 @@ int load_module(void)
 return -1;
 }
 } else {
- ast_log(LOG_WARNING,"MySQL server hostname not specified. Assuming localhost");
+ ast_log(LOG_WARNING,"MySQL server hostname not specified. Assuming localhost\n");
 hostname = "localhost";
 }
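Review bot: In the first hunk (`mysql_log`), `cdr->src`, `cdr->dst` and `cdr->accountcode` are still handed to both `sprintf` calls unescaped, so the INSERT can still be broken out of through those three quoted fields; they need the same `mysql_real_escape_string` treatment as the seven fields escaped here. Escaping can double each field's length and `sprintf` has no bound, so the statement should be built with `snprintf` against the real size of `sqlcmd` (its declaration is outside the hunk) and the insert abandoned when the result is truncated. `alloca` does not signal failure by returning NULL, so the "Out of memory" branch presumably never runs and the per-field `if (x = alloca(...))` wrappers give no protection. `mysql_log` begins before and continues past this hunk; the sketch below shows only the lines that would be added.

```c
char *src=NULL, *dst=NULL, *accountcode=NULL;
/* … unchanged: escaping of clid, dcontext, channel, dstchannel, lastapp, lastdata, uniqueid … */
src = alloca(strlen(cdr->src) * 2 + 1);
mysql_real_escape_string(&mysql, src, cdr->src, strlen(cdr->src));
dst = alloca(strlen(cdr->dst) * 2 + 1);
mysql_real_escape_string(&mysql, dst, cdr->dst, strlen(cdr->dst));
accountcode = alloca(strlen(cdr->accountcode) * 2 + 1);
mysql_real_escape_string(&mysql, accountcode, cdr->accountcode, strlen(cdr->accountcode));
/* … unchanged: debug log, INSERT column list and format string … */
/* in both argument lists: cdr->src -> src, cdr->dst -> dst, cdr->accountcode -> accountcode */
```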
@@ -220,7 +252,7 @@ int load_module(void)
 return -1;
 }
 } else {
- ast_log(LOG_WARNING,"MySQL database sock file not specified. Assuming default\n");
+ ast_log(LOG_WARNING,"MySQL database sock file not specified. Using default\n");
 dbsock = NULL;
 }
-- cgit v1.2.3