MSG_BEGIN();
msg_error_t err = MSG_SUCCESS;
- int rowCnt = 0;
+ char *filterStr = NULL;
char sqlQuery[MAX_QUERY_LEN+1];
- memset(sqlQuery, 0x00, sizeof(sqlQuery));
+ MsgConvertStrWithEscape(pFilter->filterValue, &filterStr);
- snprintf(sqlQuery, sizeof(sqlQuery), "SELECT FILTER_ID FROM %s WHERE FILTER_TYPE = %d AND FILTER_VALUE = '%s';",
- MSGFW_FILTER_TABLE_NAME, pFilter->filterType, pFilter->filterValue);
+ memset(sqlQuery, 0x00, sizeof(sqlQuery));
+ snprintf(sqlQuery, sizeof(sqlQuery), "SELECT FILTER_ID FROM %s WHERE FILTER_TYPE = %d AND FILTER_VALUE = ?;",
+ MSGFW_FILTER_TABLE_NAME, pFilter->filterType);
MSG_DEBUG("sql : %s", sqlQuery);
- err = dbHandle.getTable(sqlQuery, &rowCnt);
+ if (dbHandle.prepareQuery(sqlQuery) != MSG_SUCCESS)
+ return MSG_ERR_DB_EXEC;
+
+ dbHandle.bindText(filterStr, 1);
- if (err == MSG_SUCCESS)
+ err = dbHandle.stepQuery();
+
+ if (err == MSG_ERR_DB_ROW) {
err = MSG_ERR_FILTER_DUPLICATED;
- else if (err == MSG_ERR_DB_NORECORD)
+ } else if (err == MSG_ERR_DB_DONE) {
err = MSG_SUCCESS;
+ }
- dbHandle.freeTable();
+ dbHandle.finalizeQuery();
+
+ if (filterStr)
+ free(filterStr);
MSG_END();
#define MAX_FOLDER_NAME_LEN 20
#define MAX_ACCOUNT_NAME_LEN 51
+#define MSGFW_DB_ESCAPE_CHAR '\\'
/*==================================================================================================
FUNCTION PROTOTYPES
==================================================================================================*/
void MsgReleaseMemoryDB();
-
+msg_error_t MsgConvertStrWithEscape(const char *input, char **output);
/*==================================================================================================
CLASS DEFINITIONS
MSG_DEBUG("freed memory size (bytes) : [%d]", freeSize);
}
+
+msg_error_t MsgConvertStrWithEscape(const char *input, char **output)
+{
+ if (input == NULL || output == NULL || strlen(input) == 0) {
+ MSG_DEBUG("MSG_ERR_INVALID_PARAMETER");
+ return MSG_ERR_INVALID_PARAMETER;
+ }
+
+ int inputSize = 0;
+ int i = 0;
+ int j = 0;
+
+ inputSize = strlen(input);
+ MSG_DEBUG("Size of input string [%d]", inputSize);
+
+ char tmpStr[(inputSize*2)+3];
+ memset(tmpStr, 0x00, sizeof(tmpStr));
+
+ tmpStr[j++] = '%';
+
+ for(i=0;i<inputSize;i++) {
+ if (input[i] == '\'' || input[i] == '_' || input[i] == '%' || input[i] == '\\') {
+ tmpStr[j++] = MSGFW_DB_ESCAPE_CHAR;
+ }
+ tmpStr[j++] = input[i];
+ }
+ tmpStr[j++] = '%';
+ tmpStr[j] = '\0';
+
+ *output = strdup(tmpStr);
+
+ return MSG_SUCCESS;
+}