luisgulo/photoprism
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
photoprism/pkg/sanitize/sql.go

42 lines
781 B
Go
Raw Normal View History

Search: Improve album, albums, lens, and camera filters #1994 #2079 Camera and lens can now also be searched by name. Escaping and parsing of albums has been improved so that albums whose names start with and/or contain numbers will be found.
2022-03-24 18:30:59 +01:00
package sanitize
import (
"bytes"
)
// sqlSpecialBytes contains special bytes to escape in SQL search queries.
Search: Improve input sanitation and filter queries #1994 #2079 #2181
2022-03-25 18:01:34 +01:00
// see https://mariadb.com/kb/en/string-literals/
var sqlSpecialBytes = []byte{34, 39, 92, 95} // ", ', \, _
Search: Improve album, albums, lens, and camera filters #1994 #2079 Camera and lens can now also be searched by name. Escaping and parsing of albums has been improved so that albums whose names start with and/or contain numbers will be found.
2022-03-24 18:30:59 +01:00
// SqlString escapes a string for use in an SQL query.
func SqlString(s string) string {
var i int
for i = 0; i < len(s); i++ {
if bytes.Contains(sqlSpecialBytes, []byte{s[i]}) {
break
}
}
// No special characters found, return original string.
if i >= len(s) {
return s
}
b := make([]byte, 2*len(s)-i)
copy(b, s[:i])
j := i
for ; i < len(s); i++ {
if s[i] < 31 {
// Ignore control chars.
continue
}
if bytes.Contains(sqlSpecialBytes, []byte{s[i]}) {
b[j] = '\\'
j++
}
b[j] = s[i]
j++
}
return string(b[:j])
}
Reference in a new issue Copy permalink