WL#8077 Extend mysql_real_escape() to be aware of the string type it's escaping for.

maras007 · maras007 · commit db91b6252348 · 2015-01-31T02:33:08.000+01:00
mysql_real_escape_string() function was found insecure when sql_mode was set to
NO_BACKSLASH_ESCAPES. mysql_real_escape_string() function reports error when sql_mode
is set to NO_BACKSLASH_ESCAPES.

Newly introduced API function mysql_real_escape_string_quote() should be used instead.
Additional char type parameter allows to specify, which character should be doubled.
Doubled character is a quote character of the identifier or a string within a SQL query.

tests/mysql_client_test.c
  Fixed test_bug21246 test - buffer overflow.
diff --git a/tests/mysql_client_test.c b/tests/mysql_client_test.c
@@ -14100,7 +14100,7 @@ static void test_bug10214()
 static void test_bug21246()
 {
   int   len;
-  char  out[10];
+  char  out[11];
 
   myheader("test_bug21246");
 

Original file line number	Diff line number	Diff line change
`@@ -14100,7 +14100,7 @@ static void test_bug10214()`
`14100`	`14100`	`static void test_bug21246()`
`14101`	`14101`	`{`
`14102`	`14102`	`int len;`
`14103`		`- char out[10];`
	`14103`	`+ char out[11];`
`14104`	`14104`
`14105`	`14105`	`myheader("test_bug21246");`
`14106`	`14106`