From 3f5be0f4fc7a910d5cc78289b37c6e3c1aaf746c Mon Sep 17 00:00:00 2001 From: Rolf Schmidt Date: Mon, 26 Oct 2020 10:21:28 +0100 Subject: [PATCH] mysql: fix unwrapped unsafe code of mysql lib (#6680). (#6681) --- vlib/mysql/mysql.v | 6 ++---- vlib/mysql/result.v | 8 ++++---- 2 files changed, 6 insertions(+), 8 deletions(-) diff --git a/vlib/mysql/mysql.v b/vlib/mysql/mysql.v index a9c22eb644..eed3638ecf 100644 --- a/vlib/mysql/mysql.v +++ b/vlib/mysql/mysql.v @@ -102,10 +102,8 @@ pub fn (conn Connection) tables(wildcard string) ?[]string { // escape_string creates a legal SQL string for use in an SQL statement. pub fn (conn Connection) escape_string(s string) string { - len := C.strlen(s.str) - to := malloc(2 * len + 1) - quote := byte(39) // single quote - C.mysql_real_escape_string_quote(conn.conn, to, s.str, len, quote) + to := malloc(2 * s.len + 1) + C.mysql_real_escape_string_quote(conn.conn, to, s.str, s.len, `\'`) return unsafe {to.vstring()} } diff --git a/vlib/mysql/result.v b/vlib/mysql/result.v index 98f77aa67d..10cbe11b95 100644 --- a/vlib/mysql/result.v +++ b/vlib/mysql/result.v @@ -31,10 +31,10 @@ pub fn (r Result) rows() []Row { for rr := r.fetch_row(); rr; rr = r.fetch_row() { mut row := Row{} for i in 0 .. nr_cols { - if rr[i] == 0 { + if unsafe {rr[i] == 0} { row.vals << '' } else { - row.vals << mystring(byteptr(rr[i])) + row.vals << mystring(unsafe {byteptr(rr[i])}) } } rows << row @@ -63,7 +63,7 @@ pub fn (r Result) fields() []Field { nr_cols := r.n_fields() orig_fields := C.mysql_fetch_fields(r.result) for i in 0 .. nr_cols { - fields << Field{ + unsafe {fields << Field{ name: mystring(orig_fields[i].name) org_name: mystring(orig_fields[i].org_name) table: mystring(orig_fields[i].table) @@ -84,7 +84,7 @@ pub fn (r Result) fields() []Field { decimals: orig_fields.decimals charsetnr: orig_fields.charsetnr type_: FieldType(orig_fields.@type) - } + }} } return fields }