[postgis-commits] svn - r3377 - trunk/loader

postgis-commits at postgis.refractions.net postgis-commits at postgis.refractions.net
Thu Dec 11 07:56:19 PST 2008 

Author: robe
Date: 2008-12-11 07:56:18 -0800 (Thu, 11 Dec 2008)
New Revision: 3377

Modified:
   trunk/loader/pgsql2shp.c
Log:
Incorporated Mark's suggestion to use PQescapeStringConn instead of building a custom function.  Also fixed typo.  Note using free() instead of PQfree since couldn't find a PQfree.  I looked at the 8.3.5 postgresql source code base, and that's what they seem to use when releasing buffer space.

Modified: trunk/loader/pgsql2shp.c
===================================================================
--- trunk/loader/pgsql2shp.c	2008-12-11 14:55:21 UTC (rev 3376)
+++ trunk/loader/pgsql2shp.c	2008-12-11 15:56:18 UTC (rev 3377)
@@ -90,7 +90,6 @@
 /* Prototypes */
 int getMaxFieldSize(PGconn *conn, char *schema, char *table, char *fname);
 int parse_commandline(int ARGC, char **ARGV);
-char *protect_quotes_string_noiconv(char *str);
 void usage(char* me, int exitstatus, FILE* out);
 char *getTableOID(char *schema, char *table);
 int addRecord(PGresult *res, int residx, int row);
@@ -2075,15 +2074,28 @@
     int		i, result;
 	char *srtext;
 	char *query;
+	char *esc_schema;
+	char *esc_table;
+	char *esc_geo_col_name;
+	int error;
 	PGresult *res;
 	int size;
 	
-	size = strlen(table);
-	if ( schema ) size += strlen(schema);
+	/***********
+	*** I'm multiplying by 2 instead of 3 because I am too lazy to figure out how many characters to add
+	*** after escaping if any **/
+	size = 1000;
+	if ( schema ) {
+		size += 3 * strlen(schema);
+	}
 	size += 1000;
+	esc_table = (char *) malloc(3 * strlen(table) + 1);
+	esc_geo_col_name = (char *) malloc(3 * strlen(geo_col_name) + 1);
+	PQescapeStringConn(conn, esc_table, table, strlen(table), &error);
+	PQescapeStringConn(conn, esc_geo_col_name, geo_col_name, strlen(geo_col_name), &error);
 
 	/** make our address space large enough to hold query with table/schema **/
-	query = (char *)malloc(size);
+	query = (char *) malloc(size);
 	if ( ! query ) return 0; /* out of virtual memory */
 	
 	/**************************************************
@@ -2091,16 +2103,19 @@
 	 * We first check the geometry_columns table for a match and then if no match do a distinct against the table
 	 * NOTE: COALESCE does a short-circuit check returning the faster query result and skipping the second if first returns something
 	 *	Escaping quotes in the schema and table in query may not be necessary except to prevent malicious attacks 
-	 *	or should someone be crazy enough to havshort quotes in their table, column or schema names 
+	 *	or should someone be crazy enough to have quotes or other weird character in their table, column or schema names 
 	 **************************************************/
 	if ( schema )
 	{
+		esc_schema = (char *) malloc(2 * strlen(schema) + 1);
+		PQescapeStringConn(conn, esc_schema, schema, strlen(schema), &error);
 		sprintf(query, "SELECT COALESCE((SELECT sr.srtext "
 				" FROM  geometry_columns As gc INNER JOIN spatial_ref_sys sr ON sr.srid = gc.srid "
 				" WHERE gc.f_table_schema = '%s' AND gc.f_table_name = '%s' AND gc.f_geometry_column = '%s' LIMIT 1),  " 
 				" (SELECT CASE WHEN COUNT(DISTINCT sr.srid) > 1 THEN 'm' ELSE MAX(sr.srtext) END As srtext "
 			" FROM \"%s\".\"%s\" As g INNER JOIN spatial_ref_sys sr ON sr.srid = ST_SRID(g.\"%s\")) , ' ') As srtext ", 
-				protect_quotes_string_noiconv(schema), protect_quotes_string_noiconv(table), protect_quotes_string_noiconv(geo_col_name), schema, table, geo_col_name);
+				esc_schema, esc_table,esc_geo_col_name, schema, table, geo_col_name);
+		free(esc_schema);
 	}
 	else
 	{
@@ -2109,12 +2124,15 @@
 				" WHERE gc.f_table_name = '%s' AND gc.f_geometry_column = '%s' AND pg_table_is_visible((gc.f_table_schema || '.' || gc.f_table_name)::regclass) LIMIT 1),  "
 				" (SELECT CASE WHEN COUNT(DISTINCT sr.srid) > 1 THEN 'm' ELSE MAX(sr.srtext) END as srtext "
 			" FROM \"%s\" As g INNER JOIN spatial_ref_sys sr ON sr.srid = ST_SRID(g.\"%s\")), ' ') As srtext ", 
-				protect_quotes_string_noiconv(table), protect_quotes_string_noiconv(geo_col_name), table, geo_col_name);
+				esc_table, esc_geo_col_name, table, geo_col_name);
 	}
 
 	LWDEBUGF(3,"%s\n",query);
+	free(esc_table);
+	free(esc_geo_col_name);
 
-	res = PQexec(conn, query);	
+	res = PQexec(conn, query);
+	
 	if ( ! res || PQresultStatus(res) != PGRES_TUPLES_OK ) {
 		printf( "Error: %s", PQerrorMessage(conn));
 		return 0;
@@ -2128,7 +2146,7 @@
 			PQclear(res);
 			return 0;
 		}
-		else 
+		else {
 			if (srtext[0] == ' '){
 				printf("ERROR: Cannot determine spatial reference (empty table or unknown spatial ref).\n");
 				PQclear(res);
@@ -2165,53 +2183,14 @@
 				LWDEBUGF(3, "\n result %d proj SRText is %s .\n", result, srtext);	
 				fclose( fp );
 				free( pszFullname );
-			}	
+			}
+		}
 	}
 	PQclear(res);
-
+	free(query);
 	return 1;
 }
 
-char *
-protect_quotes_string_noiconv(char *str)
-{
-	/*
-	 * find all quotes and make them \quotes
-	 * find all '\' and make them '\\'
-	 * 	 
-	 * 1. find # of characters
-	 * 2. make new string 
-	 */
-
-	char	*result;
-	char	*ptr, *optr;
-	int	toescape = 0;
-	size_t size;
-	ptr = str;
-
-	while (*ptr) {
-		if ( *ptr == '\'' || *ptr == '\\' ) toescape++;
-		ptr++;
-	}
-
-	if (toescape == 0) return str;
-	
-	size = ptr-str+toescape+1;
-
-	result = calloc(1, size);
-
-	optr=result;
-	ptr=str;
-	while (*ptr) {
-		if ( *ptr == '\\' ) *optr++='\\';
-                if ( *ptr == '\'') *optr++='\'';
-		*optr++=*ptr++;
-	}
-	*optr='\0';
-
-	return result;
-}
-
 /**********************************************************************
  * $Log$
  * Revision 1.85  2006/06/16 14:12:16  strk

More information about the postgis-commits mailing list