col...@news.sift.co.uk wrote: I have come across a number of situations using MySQL with the modules release 1.2207 where placeholder characters were being substituted when they occured within quoted strings, specifically where the " character is used to delimit the string. Specifically where the select statement "SELECT name from table WHERE name = "Hello World?" " would be passed to MySQL as "SELECT name from table WHERE name = "Hello WorldNULL" "

Digging further I tracked this down to the function CountParam( *char ) declared in dbd/bindparam.h which would seem to be a little broken with regards to many kinds of nested quotes in combination with ?'s in perfectly valid SQL.

Here is a patch which fixes all the problems I was having. May I take the time out to apologise to sending a few of these to jo...@ispsoft.de ( the email in the .h file ) before I realised of the existence of this list. Just in case he is reading . Sorry for bothering you.

--- ../bindparam.h Wed Oct 6 17:15:42 1999 +++ ./bindparam.h Wed Oct 6 17:15:33 1999 @@ -31,20 +31,21 @@ static int CountParam(char* statement) { char* ptr = statement; int numParam = 0; + char last,token;

+ last = *ptr; while (*ptr) { switch (*ptr++) { + case '"' : + token = '"' ; + /* fall through */ case '\'': /* * Skip string */ - while (*ptr && *ptr != '\'') { - if (*ptr == '\\') { + token = '\'' ; + while (*ptr && *ptr != token && last != '\\' ) { ++ptr; - } - if (*ptr) { - ++ptr; - } } if (*ptr) { ++ptr; @@ -56,6 +57,7 @@ default: break; } + last = *ptr; } return numParam; }

-- Regards, Colin M Strickland

"Tape my beatworm !"

To unsubscribe, send a message to the address shown in the List-Unsubscribe header of this message. If you cannot see it, e-mail msql...@lists.mysql.com instead.