database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2026-01-06 05:22:24 +03:00
Code Activity

Table identifiers and file names were not quoted and escaped correctly by

Browse Source 
mysqlimport. (Bug #28071)
This commit is contained in:
Jim Winstead
2009-05-19 15:26:57 -07:00
parent eb1261502c
commit 16aeb5ad3d
3 changed files with 44 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
client/mysqlimport.c
View File

@@ -303,7 +303,8 @@ static int get_options(int *argc, char ***argv)
static int write_to_table(char *filename, MYSQL *mysql)
{
char tablename[FN_REFLEN], hard_path[FN_REFLEN],
sql_statement[FN_REFLEN*16+256], *end;
escaped_name[FN_REFLEN * 2 + 1],
sql_statement[FN_REFLEN*16+256], *end, *pos;
DBUG_ENTER("write_to_table");
DBUG_PRINT("enter",("filename: %s",filename));
@@ -338,15 +339,24 @@ static int write_to_table(char *filename, MYSQL *mysql)
fprintf(stdout, "Loading data from SERVER file: %s into %s\n",
hard_path, tablename);
}
mysql_real_escape_string(mysql, escaped_name, hard_path, strlen(hard_path));
sprintf(sql_statement, "LOAD DATA %s %s INFILE '%s'",
opt_low_priority ? "LOW_PRIORITY" : "",
opt_local_file ? "LOCAL" : "", hard_path);
opt_local_file ? "LOCAL" : "", escaped_name);
end= strend(sql_statement);
if (replace)
end= strmov(end, " REPLACE");
if (ignore)
end= strmov(end, " IGNORE");
end= strmov(strmov(end, " INTO TABLE "), tablename);
end= strmov(end, " INTO TABLE `");
/* Turn any ` into `` in table name. */
for (pos= tablename; *pos; pos++)
{
if (*pos == '`')
*end++= '`';
*end++= *pos;
}
end= strmov(end, "`");
if (fields_terminated || enclosed || opt_enclosed || escaped)
end= strmov(end, " FIELDS");