--- a/dbd/postgresql/statement.c Fri Dec 05 09:20:31 2008 +0000 +++ b/dbd/postgresql/statement.c Sat Dec 06 00:32:37 2008 +0000 @@ -1,8 +1,5 @@ #include "dbd_postgresql.h" -#define MAX_PLACEHOLDERS 9999 -#define MAX_PLACEHOLDER_SIZE (1+4) /* $\d{4} */ - static lua_push_type_t postgresql_to_lua_push(unsigned int postgresql_type) { lua_push_type_t lua_type; @@ -28,85 +25,6 @@ return lua_type; } -/* - * replace '?' placeholders with $\d+ placeholders - * to be compatible with PSQL API - */ -static char *replace_placeholders(lua_State *L, const char *sql) { - size_t len = strlen(sql); - int num_placeholders = 0; - int extra_space = 0; - int i; - char *newsql; - int newpos = 1; - int ph_num = 1; - int in_quote = 0; - - /* - * dumb count of all '?' - * this will match more placeholders than necessesary - * but it's safer to allocate more placeholders at the - * cost of a few bytes than risk a buffer overflow - */ - for (i = 1; i < len; i++) { - if (sql[i] == '?') { - num_placeholders++; - } - } - - /* - * this is MAX_PLACEHOLDER_SIZE-1 because the '?' is - * replaced with '$' - */ - extra_space = num_placeholders * (MAX_PLACEHOLDER_SIZE-1); - - /* - * allocate a new string for the converted SQL statement - */ - newsql = malloc(sizeof(char) * (len+extra_space+1)); - memset(newsql, 0, sizeof(char) * (len+extra_space+1)); - - /* - * copy first char. In valid SQL this cannot be a placeholder - */ - newsql[0] = sql[0]; - - /* - * only replace '?' not in a single quoted string - */ - for (i = 1; i < len; i++) { - /* - * don't change the quote flag if the ''' is preceded - * bt a '\' to account for escaping - */ - if (sql[i] == '\'' && sql[i-1] != '\\') { - in_quote = !in_quote; - } - - if (sql[i] == '?' && !in_quote) { - size_t n; - - if (ph_num > MAX_PLACEHOLDERS) { - luaL_error(L, "Sorry, you are using more than %d placeholders. Use ${num} format instead", MAX_PLACEHOLDERS); - } - - n = snprintf(&newsql[newpos], MAX_PLACEHOLDER_SIZE, "$%u", ph_num++); - - newpos += n; - } else { - newsql[newpos] = sql[i]; - newpos++; - } - } - - /* - * terminate string on the last position - */ - newsql[newpos] = '\0'; - - /* fprintf(stderr, "[%s]\n", newsql); */ - return newsql; -} /* * success = statement:close() @@ -359,7 +277,7 @@ /* * convert SQL string into a PSQL API compatible SQL statement */ - new_sql = replace_placeholders(L, sql_query); + new_sql = replace_placeholders(L, '$', sql_query); snprintf(name, IDLEN, "%017u", ++conn->statement_id);