Added escape methods to the Database class. Implemented them for the MySQL, and Sqlite backend.

core/database/database.cpp

@@ -21,6 +21,14 @@ TableBuilder *Database::get_table_builder() {
 	return new TableBuilder();
 }
 
+std::string Database::escape(const std::string str) {
+	return std::string();
+}
+
+void Database::escape(const std::string str, std::string *to) {
+
+}
+
 Database::Database() {
 }
 

core/database/database.h

@@ -35,6 +35,9 @@ public:
 	virtual QueryBuilder *get_query_builder();
 	virtual TableBuilder *get_table_builder();
 
+	virtual std::string escape(const std::string str);
+	virtual void escape(const std::string str, std::string *to);
+
 	Database();
 	~Database();
 

core/database/query_builder.h

@@ -10,6 +10,7 @@ public:
 	virtual QueryBuilder *from(const std::string &params);
 	virtual QueryBuilder *limit(const int min, const int max);
 	virtual QueryBuilder *insert(const std::string &table_name, const std::string &params_str);
+
 	virtual void finalize();
 
 	QueryBuilder();

database/mysql/mysql_database.cpp

@@ -5,8 +5,8 @@
 #include "core/database/database_manager.h"
 
 #include "mysql_query_builder.h"
-#include "mysql_table_builder.h"
 #include "mysql_query_result.h"
+#include "mysql_table_builder.h"
 
 void MysqlDatabase::connect(const std::string &connection_str) {
 	mysql = mysql_init(mysql);
@@ -56,7 +56,7 @@ void MysqlDatabase::query_run(const std::string &query) {
 		return;
 
 	//printf("%s\n", query.c_str());
-	
+
 	int error = mysql_real_query(mysql, query.c_str(), query.length());
 
 	if (error) {
@@ -69,7 +69,7 @@ void MysqlDatabase::query_run(const std::string &query) {
 	//printf("query OK\n");
 	//printf("----------------\n");
 
-/*
+	/*
 	printf("----------------\n");
 
 	MYSQL_RES *result = mysql_use_result(mysql);
@@ -95,6 +95,20 @@ TableBuilder *MysqlDatabase::get_table_builder() {
 	return new MysqlTableBuilder();
 }
 
+std::string MysqlDatabase::escape(const std::string str) {
+	std::string res;
+	res.reserve(str.size() + 100);
+
+	mysql_real_escape_string(mysql, res.data(), str.c_str(), str.size());
+
+	return res;
+}
+void MysqlDatabase::escape(const std::string str, std::string *to) {
+	to->reserve(str.size() + 100);
+
+	mysql_real_escape_string(mysql, to->data(), str.c_str(), str.size());
+}
+
 MysqlDatabase::MysqlDatabase() :
 		Database() {
 

database/mysql/mysql_database.h

@@ -22,6 +22,9 @@ public:
 	QueryBuilder *get_query_builder();
 	TableBuilder *get_table_builder();
 
+	std::string escape(const std::string str);
+	void escape(const std::string str, std::string *to);
+
 	static Database *_creation_func();
 	static void _register();
 	static void _unregister();

database/sqlite/sqlite3_database.cpp

@@ -36,12 +36,39 @@ QueryResult *SQLite3Database::query(const std::string &query) {
 void SQLite3Database::query_run(const std::string &query) {
 	char *err_msg;
 
-    if (sqlite3_exec(conn, query.c_str(), NULL, NULL, &err_msg) != SQLITE_OK) {
+	if (sqlite3_exec(conn, query.c_str(), NULL, NULL, &err_msg) != SQLITE_OK) {
 		printf("SQLite3Database::query_run error: \nQuery: %s \n Error:\n %s\n", query.c_str(), err_msg);
 		sqlite3_free(err_msg);
 	}
 }
 
+std::string SQLite3Database::escape(const std::string str) {
+	char *ret;
+
+	ret = sqlite3_mprintf("%q", str.c_str());
+
+	if (ret) {
+		std::string res(ret);
+
+		sqlite3_free(ret);
+
+		return res;
+	}
+
+	return "";
+}
+void SQLite3Database::escape(const std::string str, std::string *to) {
+	char *ret;
+
+	ret = sqlite3_mprintf("%q", str.c_str());
+
+	if (ret) {
+		to->operator=(ret); 
+
+		sqlite3_free(ret);
+	}
+}
+
 SQLite3Database::SQLite3Database() :
 		Database() {
 }

database/sqlite/sqlite3_database.h

@@ -23,6 +23,9 @@ public:
 	QueryResult *query(const std::string &query);
 	void query_run(const std::string &query);
 
+	std::string escape(const std::string str);
+	void escape(const std::string str, std::string *to);
+
 	SQLite3Database();
 	~SQLite3Database();