'Re: [Snort-devel] Another output-database question'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       snort-devel
Subject:    Re: [Snort-devel] Another output-database question
From:       Martin Roesch <roesch () sourcefire ! com>
Date:       2005-06-27 14:28:34
Message-ID: BF31CFB6-0845-46BC-B5AA-17C78D6FB341 () sourcefire ! com
[Download RAW message or body]

Looks like you could write that:

snprintf(query->val,
     (p->dsize * 2) + MAX_QUERY_LENGTH - 3,
     "INSERT INTO data(sid, cid, data_payload)"
     " VALUES (%u, %u, '%s')",
     data->shared->sid,
     data->shared->cid,
     packet_data);

 From where I'm sitting, but that's just me...

      -Marty


On Jun 15, 2005, at 3:55 PM, Joel Esler wrote:

> Um.. I know you guys didn't code this (or if you did..  so be it..)
> but why do we have single quotes around placeholders in insert
> strings?
>
> Example
>
> <                     snprintf(query->val, (p->dsize * 2) +
> MAX_QUERY_LENGTH - 3,
> <                             "INSERT INTO "
> <                             "data (sid,cid,data_payload) "
> <                             "VALUES ('%u','%u','%s",
> <                             data->shared->sid,
> <                             data->shared->cid,
> <                             packet_data);
> <                     strcat(query->val, "')");
> <                     free (packet_data);                 
> packet_data = NULL;
> <                     free (packet_data_not_escaped);
> packet_data_not_escaped =
>
> The string: "VALUES ('%u','%u','%s",...  wouldn't it be interpreted
> the same way if you were to enter "VALUES (%u,%u,'%s'"???
>
> Since it's a number (sid, cid) we don't need single quotes..
>
> and furthermore in that same string..
>
>                      "VALUES ('%u','%u','%s",
>                              data->shared->sid,
>                              data->shared->cid,
>                              packet_data);
>                      strcat(query->val, "')");
>
> wouldn't the line terminate after the first line?  because of the
> double quote?  and furthermore, if it went past that, wouldn't it
> terminate at the semi-colon after packet_data);?
>
> Or am I crazy?
>
> Joel
>
>
> -------------------------------------------------------
> SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
> from IBM. Find simple to follow Roadmaps, straightforward articles,
> informative Webcasts and more! Get everything you need to get up to
> speed, fast. http://ads.osdn.com/?ad_idt77&alloc_id492&op=click
> _______________________________________________
> Snort-devel mailing list
> Snort-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-devel
>
>

-- 
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Network Defense for the Real World - http:// 
www.sourcefire.com
Snort: Open Source Intrusion Detection and Prevention - http:// 
www.snort.org





-------------------------------------------------------
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_idt77&alloc_id492&opÌk
_______________________________________________
Snort-devel mailing list
Snort-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-devel

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic