author | Christian Ehrlicher <ch.ehrlicher@gmx.de> | 2024-02-26 15:18:39 +0100 |
---|---|---|
committer | Christian Ehrlicher <ch.ehrlicher@gmx.de> | 2024-03-02 00:12:55 +0100 |
commit | 000d462bf93b21a9bbb46fdba631c09ba3eb9276 (patch) | |
tree | 7d61e0f5b4bfc7e9efb9e954dff4a5c98fe4baf6 /src/plugins/sqldrivers/odbc | |
parent | 3b7013f9b7a111f0c40922e1de9c9f386a38e4f5 (diff) |
SQL/ODBC: escape values in connection string
Values in connection strings must be escaped when they
- contain a ; -> escape with "
- start with ' -> escape with "
- start with " -> escape with '
Fixes: QTBUG-122642
Pick-to: 6.7
Change-Id: I1df638194067af5df94a34009e1547886fdf928c
Reviewed-by: Axel Spoerl <axel.spoerl@qt.io>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Diffstat (limited to 'src/plugins/sqldrivers/odbc')
-rw-r--r-- | src/plugins/sqldrivers/odbc/qsql_odbc.cpp | 22 |
1 files changed, 17 insertions, 5 deletions
diff --git a/src/plugins/sqldrivers/odbc/qsql_odbc.cpp b/src/plugins/sqldrivers/odbc/qsql_odbc.cpp
index a8f47e086b..f33aec7a83 100644
--- a/src/plugins/sqldrivers/odbc/qsql_odbc.cpp
+++ b/src/plugins/sqldrivers/odbc/qsql_odbc.cpp
@@ -1918,6 +1918,18 @@ bool QODBCDriver::open(const QString & db,
 int,
 const QString& connOpts)
 {
+ const auto ensureEscaped = [](QString arg) -> QString {
+ QChar quoteChar;
+ if (arg.startsWith(u'"'))
+ quoteChar = u'\'';
+ else if (arg.startsWith(u'\''))
+ quoteChar = u'"';
+ else if (arg.contains(u';'))
+ quoteChar = u'"';
+ else
+ return arg;
+ return quoteChar + arg + quoteChar;
+ };
 Q_D(QODBCDriver);
 if (isOpen())
 close();
@@ -1953,17 +1965,17 @@ bool QODBCDriver::open(const QString & db,
 QString connQStr;
 // support the "DRIVER={SQL SERVER};SERVER=blah" syntax
 if (db.contains(".dsn"_L1, Qt::CaseInsensitive))
- connQStr = "FILEDSN="_L1 + db;
+ connQStr = "FILEDSN="_L1 + ensureEscaped(db);
 else if (db.contains("DRIVER="_L1, Qt::CaseInsensitive) || db.contains("SERVER="_L1, Qt::CaseInsensitive))
- connQStr = db;
+ connQStr = ensureEscaped(db);
 else
- connQStr = "DSN="_L1 + db;
+ connQStr = "DSN="_L1 + ensureEscaped(db);
 if (!user.isEmpty())
- connQStr += ";UID="_L1 + user;
+ connQStr += ";UID="_L1 + ensureEscaped(user);
 if (!password.isEmpty())
- connQStr += ";PWD="_L1 + password;
+ connQStr += ";PWD="_L1 + ensureEscaped(password);
 SQLSMALLINT cb;
 QVarLengthArray<SQLTCHAR, 1024> connOut(1024);
 |
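Review bot: ensureEscaped picks a quote character but never checks whether that same character occurs inside `arg`, so the wrapping in `return quoteChar + arg + quoteChar;` does not reliably delimit the whole value. A constructed sample such as `a";b` contains `;`, does not start with a quote, and comes out as `"a";b"`, where the quoted part ends before the `;`; how the rest is then parsed depends on the driver manager, but for UID and PWD this is caller-supplied text ending up outside the intended value. The lambda should test `arg.contains(quoteChar)` after choosing the quote and either reject the value or escape it the way the target driver manager documents. At the least it should carry `// NOTE: embedded quoteChar is not escaped; arg must not contain it` above the final return. The lambda sits at the top of open(), whose body continues outside the hunk.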
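Review bot: In the `DRIVER=`/`SERVER=` branch `db` is already a complete attribute list, not a single value, so `connQStr = ensureEscaped(db);` is applied to the wrong kind of input. The comment above the branch gives `DRIVER={SQL SERVER};SERVER=blah` as the supported form; that string contains `;`, so ensureEscaped wraps all of it in double quotes and it can no longer be read as separate attributes. That branch should stay `connQStr = db;`, with escaping kept for the places where a single value follows a keyword (`FILEDSN=`, `DSN=`, `UID=`, `PWD=`). A one-line comment there, `// db is a full connection string here; do not quote it`, would stop the call from being reintroduced. open() starts and ends outside the hunk.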