From 75f51e2f14d9fce2001aa91ad444e327321a19c3 Mon Sep 17 00:00:00 2001

From: Tomas Hozza <thozza@redhat.com>

Date: Thu, 2 May 2013 15:05:51 +0200

Subject: [PATCH] Table name should be quoted when used in SQL commands

Table name should be quoted when dropping/creating/inserting in

some table. Currently zone2sqlite is unable to handle table

names starting with ".", "-", number, etc.

This can be solved by using "%Q" instead of "%q" in sqlite3_mprintf()

calls when inserting table name.

Signed-off-by: Tomas Hozza <thozza@redhat.com>

---

 contrib/sdb/sqlite/zone2sqlite.c | 6 +++---

 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/contrib/sdb/sqlite/zone2sqlite.c b/contrib/sdb/sqlite/zone2sqlite.c

index b583d2b..7b9260a 100644

--- a/contrib/sdb/sqlite/zone2sqlite.c

+++ b/contrib/sdb/sqlite/zone2sqlite.c

@@ -129,7 +129,7 @@ addrdata(dns_name_t *name, dns_ttl_t ttl, dns_rdata_t *rdata)

     dataarray[isc_buffer_usedlength(&b)] = 0;

     sql = sqlite3_mprintf(

-	"INSERT INTO %q (NAME, TTL, RDTYPE, RDATA)"

+	"INSERT INTO %Q (NAME, TTL, RDTYPE, RDATA)"

 	" VALUES ('%q', %d, '%q', '%q') ",

 	dbi.table,

 	namearray, ttl, typearray, dataarray);

@@ -208,7 +208,7 @@ main(int argc, char *argv[])

 	closeandexit(1);

     }

-    sql = sqlite3_mprintf("DROP TABLE %q ", dbi.table);

+    sql = sqlite3_mprintf("DROP TABLE %Q ", dbi.table);

     printf("%s\n", sql);

     res = sqlite3_exec(dbi.db, sql, NULL, NULL, &errmsg);

     sqlite3_free(sql);

@@ -231,7 +231,7 @@ main(int argc, char *argv[])

 #endif

     sql = sqlite3_mprintf(

-	"CREATE TABLE %q "

+	"CREATE TABLE %Q "

 	"(NAME TEXT, TTL INTEGER, RDTYPE TEXT, RDATA TEXT) ",

 	dbi.table);

     printf("%s\n", sql);

-- 

1.8.1.4