@@ -39,7 +39,7 @@ BEGIN {
main_revision_job_cond other_revision_job_suffix
$dbh_tests db_retry db_retry_retry db_retry_abort
db_readonly_report
- db_begin_work db_prepare
+ db_begin_work db_prepare db_quote_like_pattern
get_harness_rev blessing_must_not_modify_host
ensuredir get_filecontents_core_quiet system_checked
nonempty visible_undef show_abs_time
@@ -358,6 +358,12 @@ sub postfork () {
$mjobdb->jobdb_postfork();
}
+sub db_quote_like_pattern ($) {
+ local ($_) = @_;
+ s{[_%\\]}{\\$&}g;
+ $_;
+}
+
#---------- script entrypoints ----------
sub csreadconfig () {
@@ -143,7 +143,7 @@ sub _check_testdbs ($) {
AND live
AND username LIKE (? || '@%')
END
- $sth->execute($c{Username});
+ $sth->execute(db_quote_like_pattern($c{Username}));
my $allok = 1;
while (my $row = $sth->fetchrow_hashref()) {
next if $row->{dbname} =~ m/^$re$/o;
@@ -380,7 +380,8 @@ END
$runvarq_hits++;
} else {
$runvarq_misses++;
- $jrunvarq->execute($jr->{flight}, $jr->{job}, $ident);
+ $jrunvarq->execute($jr->{flight}, $jr->{job},
+ db_quote_like_pattern($ident));
my %runvars;
while (my ($n, $v) = $jrunvarq->fetchrow_array()) {
$runvars{$n} = $v;
In two places the pattern for LIKE is constructed programmatically. In this case, too, we need to escape % and _. We pass the actual pattern (or pattern fragment) via ?, so we do not need to worry about '. Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com> --- New in v2. --- Osstest.pm | 8 +++++++- Osstest/JobDB/Executive.pm | 2 +- sg-report-host-history | 3 ++- 3 files changed, 10 insertions(+), 3 deletions(-)