diff --git a/mysql-dbadm.c b/mysql-dbadm.c index 755424e..c7d1f0f 100644 --- a/mysql-dbadm.c +++ b/mysql-dbadm.c @@ -1,11 +1,13 @@ /* - * @(#) $Header: /tmp/cvs/mysql-admutils/mysql-dbadm.c,v 1.21 2007-06-07 11:43:52 geirha Exp $ + * @(#) $Header: /home/stud/admin/cvs/mysql-admutils/mysql-dbadm.c,v 1.20 2007/06/04 08:40:54 geirha Exp $ * * mysql-dbadm.c * */ -#include +#include "config.h" +#include "mysql-admutils.h" + #include #include #include @@ -16,12 +18,18 @@ #include #include #include -#include "mysql-admutils.h" /* New database names may only use these characters in their identifier */ const char dbname_validchars[] = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_-"; +/* same as strcpy, but returns a pointer to the end of dest instead of start */ +char *strmov(char *dest, const char *src) { + while ((*dest++ = *src++)) + ; + return dest-1; +} + /* Returns true if dbname contains only characters in dbname_validchars. */ int dbname_isclean(char* dbname) { int reallen, cleanlen; @@ -65,12 +73,12 @@ int valid_priv(const char *s) { if (s == NULL) return 0; - #define ACCEPT(x) if (strcmp(s, x) == 0) return 1 +#define ACCEPT(x) if (strcmp(s, x) == 0) return 1 ACCEPT("Y"); ACCEPT("N"); ACCEPT("y"); ACCEPT("n"); - #undef ACCEPT +#undef ACCEPT return 0; /* not a valid priv */ } @@ -138,8 +146,14 @@ create(MYSQL *pmysql, char *db) } mysql_select_db(pmysql, "mysql"); // oppretter databasen. - char query[1024]; - sprintf(query, "create database `%s`", db); + char query[1024], *end; + end = strmov(query, "CREATE DATABASE `"); + end += mysql_real_escape_string(pmysql, end, db, strlen(db)); + *end++ = '`'; + *end = '\0'; +#ifdef DEBUG + printf("query: %s\n", query); +#endif if (mysql_query(pmysql, query)) return dberror(pmysql, "Cannot create database '%s'.", db); fprintf(stderr, "Database '%s' created.\n", db); 
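Review bot: `strmov` is given external linkage although it is only a file-local helper, and libmysqlclient has historically exported a function of the same name and signature, so this definition can collide with the library's symbol depending on how the client library is linked; declare it `static char *strmov(char *dest, const char *src)` or rename it. The body relies on the caller guaranteeing room for the whole copy, which the comment should state, e.g. `/* like strcpy, but returns a pointer to dest's terminating NUL; dest must have room for strlen(src)+1 bytes */`.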
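Review bot: The escaped name is written into the fixed 1024-byte `query` with no length guard; mysql_real_escape_string may emit up to 2*strlen(db)+1 bytes, so an overlong db argument overruns the stack buffer before mysql_query is ever reached. Add a check ahead of the strmov, e.g. `if (2 * strlen(db) + 19 > sizeof query) return dberror(pmysql, "Database name too long: '%s'.", db);` (19 covers the prefix, the closing backtick and the NUL). Note also that mysql_real_escape_string does not escape backticks, so the identifier quoting in `CREATE DATABASE` only holds because dbname_isclean (second hunk, whose character set excludes the backtick) is expected to have rejected the name first — presumably the closing brace at the top of this hunk ends that check, but that is worth confirming. The same pattern and guard apply to the DELETE/DROP statements in drop() and the DELETE in editperm() in the later hunks. The body of create() continues outside the hunk.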
@@ -150,9 +164,16 @@ create(MYSQL *pmysql, char *db) int drop(MYSQL *pmysql, char *db) { - char query[1024]; + char query[1024], *end; - sprintf(query, "delete from db where db = '%s'", db); + end = strmov(query, "DELETE FROM db WHERE db = '"); + end += mysql_real_escape_string(pmysql, end, db, strlen(db)); + *end++ = '\''; + *end = '\0'; + +#ifdef DEBUG + printf("query: %s\n", query); +#endif if (mysql_query(pmysql, query)) dberror(pmysql, "Failed to delete permissions for database '%s'.", db); @@ -162,7 +183,14 @@ drop(MYSQL *pmysql, char *db) } mysql_select_db(pmysql, "mysql"); - sprintf(query, "drop database `%s`", db); + end = strmov(query, "DROP DATABASE `"); + end += mysql_real_escape_string(pmysql, end, db, strlen(db)); + *end++ = '`'; + *end = '\0'; + +#ifdef DEBUG + printf("query: %s\n", query); +#endif if (mysql_query(pmysql, query)) return dberror(pmysql, "Cannot drop database '%s'.", db); @@ -246,8 +274,7 @@ list(MYSQL *pmysql) free(wild); - free(res); - free(cp_kopi); + mysql_free_result(res); cp++; } @@ -272,6 +299,7 @@ list(MYSQL *pmysql) dblist[counter++] = strdup(row[0]); } } + mysql_free_result(res); res = mysql_list_dbs(pmysql, p->pw_name); rows = mysql_num_rows(res); @@ -280,7 +308,10 @@ list(MYSQL *pmysql) dblist[counter] = NULL; + mysql_free_result(res); free(wild); + for (i=0;i= MAX_GRANTS) @@ -454,7 +520,13 @@ editperm(MYSQL *pmysql, const char *db) /* now that we have checked the input for errors, we can safely delete the old grants from the database and insert the new ones. */ - sprintf(query, "delete from db where db='%s'", db); + end = strmov(query, "DELETE FROM db WHERE db = '"); + end += mysql_real_escape_string(pmysql, end, db, strlen(db)); + *end++ = '\''; + *end = '\0'; +#ifdef DEBUG + printf("query: %s\n", query); +#endif if (mysql_query(pmysql, query)) dberror(pmysql, "Failed to delete old grants for '%s'.", db); 
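Review bot: In the list() hunk at -246, replacing `free(res)` with `mysql_free_result(res)` is the right call for a MYSQL_RES, but the hunk also drops `free(cp_kopi)` without a matching change to wherever cp_kopi is assigned; if it is still a strdup'd copy made earlier in the loop (outside this hunk), that allocation now leaks once per iteration — confirm against the loop head. If cp_kopi was never heap-allocated, a one-line comment at its assignment saying so, e.g. `/* cp_kopi points into cp; not owned, do not free */`, would stop the next reader from re-adding the free. The enclosing loop in list() starts and ends outside the hunk.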
@@ -466,6 +538,7 @@ editperm(MYSQL *pmysql, const char *db) #endif if (mysql_query(pmysql, queries[i])) dberror(pmysql, "Failed to insert grant line %d.", i + 1); + free(queries[i]); } return 0; @@ -517,7 +590,7 @@ main(int argc, char *argv[]) else return wrong_use("unrecognized command"); /* XXX */ - /* all other than show requires at lease one DATABASE argument. */ + /* all other than show requires at least one DATABASE argument. */ if ((command != c_show) && (argc < 3)) return wrong_use(NULL);