--- parser3/src/classes/table.C 2009/06/14 00:33:36 1.258 +++ parser3/src/classes/table.C 2009/07/06 12:13:30 1.261 @@ -5,7 +5,7 @@ Author: Alexandr Petrosian (http://paf.design.ru) */ -static const char * const IDENT_TABLE_C="$Date: 2009/06/14 00:33:36 $"; +static const char * const IDENT_TABLE_C="$Date: 2009/07/06 12:13:30 $"; #if (!defined(NO_STRINGSTREAM) && !defined(FREEBSD4)) #include @@ -1047,9 +1047,9 @@ public: columns(*new ArrayString), row(0), table(0) { } - bool add_column(SQL_Error& error, const char *str, size_t) { + bool add_column(SQL_Error& error, const char *str, size_t length) { try { - columns+=new String(str, String::L_TAINTED); + columns+=new String(str, String::L_TAINTED, length); return false; } catch(...) { error=SQL_Error("exception occured in Table_sql_event_handlers::add_column"); @@ -1075,9 +1075,9 @@ public: return true; } } - bool add_row_cell(SQL_Error& error, const char* str, size_t) { + bool add_row_cell(SQL_Error& error, const char* str, size_t length) { try { - *row+=new String(str, String::L_TAINTED); + *row+=new String(str, String::L_TAINTED, length); return false; } catch(...) { error=SQL_Error("exception occured in Table_sql_event_handlers::add_row_cell"); @@ -1094,7 +1094,7 @@ static void marshal_bind( { SQL_Driver::Placeholder& ph=**pptr; ph.name=aname.cstr(); - ph.value=avalue->as_string().cstr(String::L_UNSPECIFIED); + ph.value=avalue->as_string().untaint_cstr(String::L_AS_IS); ph.is_null=avalue->get_class()==void_class; ph.were_updated=false; @@ -1164,8 +1164,8 @@ static void _sql(Request& r, MethodParam Temp_lang temp_lang(r, String::L_SQL); const String& statement_string=r.process_to_string(statement); - const char* statement_cstr= - statement_string.cstr(String::L_UNSPECIFIED, r.connection()); + const char* statement_cstr=statement_string.untaint_cstr(String::L_AS_IS, r.connection()); + Table_sql_event_handlers handlers; #ifdef RESOURCES_DEBUG struct timeval mt[2];