From 06f9a1fcbb40856fae744e49be3bf0e166246293 Mon Sep 17 00:00:00 2001 From: Adam Chlipala Date: Tue, 10 Aug 2010 15:55:43 -0400 Subject: Better UTF-8 escaping for JavaScript and SQL literals --- src/postgres.sml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) (limited to 'src/postgres.sml') diff --git a/src/postgres.sml b/src/postgres.sml index 8541ca4a..12e928c5 100644 --- a/src/postgres.sml +++ b/src/postgres.sml @@ -331,7 +331,7 @@ fun init {dbstring, prepared = ss, tables, views, sequences} = box [string "res = PQprepare(conn, \"uw", string (Int.toString i), string "\", \"", - string (String.toString s), + string (String.toCString s), string "\", ", string (Int.toString n), string ", NULL);", @@ -349,7 +349,7 @@ fun init {dbstring, prepared = ss, tables, views, sequences} = string "PQfinish(conn);", newline, string "uw_error(ctx, FATAL, \"Unable to create prepared statement:\\n", - string (String.toString s), + string (String.toCString s), string "\\n%s\", msg);", newline], string "}", @@ -473,7 +473,7 @@ fun init {dbstring, prepared = ss, tables, views, sequences} = string "static void uw_db_init(uw_context ctx) {", newline, string "PGconn *conn = PQconnectdb(\"", - string (String.toString dbstring), + string (String.toCString dbstring), string "\");", newline, string "if (conn == NULL) uw_error(ctx, FATAL, ", @@ -698,14 +698,14 @@ fun queryPrepared {loc, id, query, inputs, cols, doCols, nested = _} = string ", paramValues, paramLengths, paramFormats, 0);"] else box [string "PQexecParams(conn, \"", - string (String.toString query), + string (String.toCString query), string "\", ", string (Int.toString (length inputs)), string ", NULL, paramValues, paramLengths, paramFormats, 0);"], newline, newline, queryCommon {loc = loc, cols = cols, doCols = doCols, query = box [string "\"", - string (String.toString query), + string (String.toCString query), string "\""]}] fun dmlCommon {loc, dml} = 
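Review bot: The rule that text spliced into a generated C string literal must go through `String.toCString` is applied by hand at every call site, with nothing recording why `String.toString` was wrong there. That covers the `PQprepare` argument in this hunk and the literals in the hunks at 349, 473, 698, 779 and 863. A small helper such as `fun cEscape s = string (String.toCString s)` would give the rule one home and make a later slip back to `String.toString` easier to spot. I would put a comment on it along the lines of `(* C escapes, not SML ones: String.toString emits decimal \ddd and \^c, which a C compiler reads differently *)`. `init` begins and ends outside the hunk.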
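Review bot: The statement text `s` is still pasted into the format string of the generated `uw_error` call, and `String.toCString` does not touch `%`. A query containing `%` (a `LIKE` pattern, say) would therefore be read as a conversion specifier once this error path runs. Passing the text as an argument avoids that: emit `string "uw_error(ctx, FATAL, \"Unable to create prepared statement:\\n%s\\n%s\", \"",` then `string (String.toCString s),` then `string "\", msg);",`. This assumes `uw_error` is printf-style, which the existing `%s` paired with `msg` suggests. The enclosing `init` starts and ends outside the hunk.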
@@ -779,14 +779,14 @@ fun dmlPrepared {loc, id, dml, inputs} = string ", paramValues, paramLengths, paramFormats, 0);"] else box [string "PQexecParams(conn, \"", - string (String.toString dml), + string (String.toCString dml), string "\", ", string (Int.toString (length inputs)), string ", NULL, paramValues, paramLengths, paramFormats, 0);"], newline, newline, dmlCommon {loc = loc, dml = box [string "\"", - string (String.toString dml), + string (String.toCString dml), string "\""]}] fun nextvalCommon {loc, query} = @@ -863,12 +863,12 @@ fun nextvalPrepared {loc, id, query} = string "\", 0, NULL, NULL, NULL, 0);"] else box [string "PQexecParams(conn, \"", - string (String.toString query), + string (String.toCString query), string "\", 0, NULL, NULL, NULL, NULL, 0);"], newline, newline, nextvalCommon {loc = loc, query = box [string "\"", - string (String.toString query), + string (String.toCString query), string "\""]}] fun setvalCommon {loc, query} = @@ -921,7 +921,7 @@ fun sqlifyString s = "E'" ^ String.translate (fn #"'" => "\\'" else "\\" ^ StringCvt.padLeft #"0" 3 (Int.fmt StringCvt.OCT (ord ch))) - (String.toString s) ^ "'::text" + (String.toCString s) ^ "'::text" fun p_cast (s, t) = s ^ "::" ^ p_sql_type t -- cgit v1.2.3
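Review bot: `sqlifyString` now runs `String.translate` over text that `String.toCString` has already escaped, and unlike `String.toString`, `toCString` also puts a backslash in front of `'` and `?`. A quote in `s` therefore reaches the `#"'" => "\\'"` arm with a backslash already in front of it. Whether the resulting `E'...'` literal still decodes to the original string depends on how the backslash arm, which is not visible in this hunk, treats that extra character. I would pin this with a round-trip test over strings containing `'`, `?`, `\` and a byte above 0x7F, and add a comment above the function such as `(* s is first C-escaped, then escaped for a PostgreSQL E'' literal; the two escapers must agree on ' and \ *)`. The octal `else` branch in the context lines also looks unreachable if it is guarded by a printability test, since `toCString` returns only printable ASCII; that is worth confirming.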