1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
|
/* Test parameter quoting, with standard_conforming_strings on/off */
#include <string.h>
#include <stdio.h>
#include <stdlib.h>
#include "common.h"
static void
execWithParam(HSTMT hstmt, char *sql, char *param)
{
SQLLEN cbParam1;
int rc;
printf("Executing: %s with param: %s\n", sql, param);
/* bind param */
cbParam1 = SQL_NTS;
rc = SQLBindParameter(hstmt, 1, SQL_PARAM_INPUT,
SQL_C_CHAR, /* value type */
SQL_CHAR, /* param type */
20, /* column size */
0, /* dec digits */
param, /* param value ptr */
0, /* buffer len */
&cbParam1 /* StrLen_or_IndPtr */);
CHECK_STMT_RESULT(rc, "SQLBindParameter failed", hstmt);
rc = SQLExecDirect(hstmt, (SQLCHAR *) sql, SQL_NTS);
CHECK_STMT_RESULT(rc, "SQLExecDirect failed", hstmt);
print_result(hstmt);
rc = SQLFreeStmt(hstmt, SQL_CLOSE);
CHECK_STMT_RESULT(rc, "SQLFreeStmt failed", hstmt);
}
void
runtest(HSTMT hstmt, int scs)
{
/* Turn standard_conforming_strings on or off, as requested by caller */
char sql[50];
int rc;
snprintf(sql, sizeof(sql), "SET standard_conforming_strings=%s",
scs ? "on" : "off");
printf("\n%s\n", sql);
rc = SQLExecDirect(hstmt, (SQLCHAR *) sql, SQL_NTS);
CHECK_STMT_RESULT(rc, "SQLExecDirect failed", hstmt);
rc = SQLFreeStmt(hstmt, SQL_CLOSE);
CHECK_STMT_RESULT(rc, "SQLFreeStmt failed", hstmt);
/*
* Check that the driver escapes quotes correctly when sending
* parameters to the server. (This is mostly of concern with
* UseServerSidePrepare=0, but it's worth checking with
* UseServerSidePrepare=1 too, to make sure that the driver doesn't
* incorrectly quote values sent as out-of-band parameters when it
* shouldn't do so.
*/
execWithParam(hstmt, "SELECT 'foo', ?::text", "param'quote");
execWithParam(hstmt, "SELECT 'foo', ?::text", "param\\backslash");
execWithParam(hstmt, "SELECT 'foo', ?::text", "ends with backslash\\");
/*
* Check that the driver's built-in parser interprets quotes
* correctly. It needs to know about quoting so that it can
* distinguish between ? parameter markers and ? question marks
* within string literals.
*/
execWithParam(hstmt, "SELECT 'doubled '' quotes', ?::text", "param");
execWithParam(hstmt, "SELECT E'escaped quote\\' here', ?::text", "param");
execWithParam(hstmt, "SELECT $$dollar quoted string$$, ?::text", "param");
execWithParam(hstmt, "SELECT $xx$complex $dollar quotes$xx$, ?::text", "param");
execWithParam(hstmt, "SELECT $dollar$morecomplex $dollar quotes$dollar$, ?::text", "param");
/*
* With standards_conforming_strings off, also test backslash escaping
* without the E'' syntax.
*/
if (!scs)
execWithParam(hstmt, "SELECT 'escaped quote\\' here', ?::text", "param");
/* Some tests with '$'s in identifiers. */
execWithParam(hstmt, "SELECT ?::text, '1' a$1", "$ in an identifier");
execWithParam(hstmt, "SELECT '1'::text a$$S1,?::text,$$2 $'s in an identifier$$::text", "param");
}
int main(int argc, char **argv)
{
int rc;
HSTMT hstmt = SQL_NULL_HSTMT;
test_connect();
rc = SQLAllocHandle(SQL_HANDLE_STMT, conn, &hstmt);
if (!SQL_SUCCEEDED(rc))
{
print_diag("failed to allocate stmt handle", SQL_HANDLE_DBC, conn);
exit(1);
}
runtest(hstmt, 1);
runtest(hstmt, 0);
/* Clean up */
test_disconnect();
return 0;
}
|
