This graph shows which files directly or indirectly include this file:
Go to the source code of this file.
Definition in file switch_core_db.h.
| char* switch_sql_concat | ( | void | ) |
This routine is a variant of the "sprintf()" from the standard C library. The resulting string is written into memory obtained from malloc() so that there is never a possiblity of buffer overflow. This routine also implement some additional formatting options that are useful for constructing SQL statements.
The strings returned by this routine should be freed by calling switch_core_db_free().
All of the usual printf formatting options apply. In addition, there is a "%q" option. q works like s in that it substitutes a null-terminated string from the argument list. But q also doubles every '\'' character. q is designed for use inside a string literal. By doubling each '\'' character it escapes that character and allows it to be inserted into the string.
For example, so some string variable contains text as follows:
char *zText = "It's a happy day!";
We can use this text in an SQL statement as follows:
char *z = switch_core_db_mprintf("INSERT INTO TABLES('%q')", zText); switch_core_db_exec(db, z, callback1, 0, 0); switch_core_db_free(z);
Because the q format string is used, the '\'' character in zText is escaped and the SQL generated is as follows:
INSERT INTO table1 VALUES('It''s a happy day!')
This is correct. Had we used s instead of q, the generated SQL would have looked like this:
INSERT INTO table1 VALUES('It's a happy day!');
This second example is an SQL syntax error. As a general rule you should always use q instead of s when inserting text into a string literal.
Definition at line 2200 of file switch_core_sqldb.c.
References DBTYPE_MSSQL, switch_runtime::odbc_dbtype, and runtime.
02201 { 02202 if(runtime.odbc_dbtype == DBTYPE_MSSQL) 02203 return "+"; 02204 02205 return "||"; 02206 }
1.4.7