[Snort-devel] Another output-database question

Joel Esler eslerj at ...2499...
Wed Jun 15 12:55:53 EDT 2005


Um.. I know you guys didn't code this (or if you did..  so be it..)
but why do we have single quotes around placeholders in insert
strings?

Example

<                     snprintf(query->val, (p->dsize * 2) +
MAX_QUERY_LENGTH - 3,
<                             "INSERT INTO "
<                             "data (sid,cid,data_payload) "
<                             "VALUES ('%u','%u','%s",
<                             data->shared->sid,
<                             data->shared->cid,
<                             packet_data);
<                     strcat(query->val, "')");
<                     free (packet_data);                packet_data = NULL;
<                     free (packet_data_not_escaped);   
packet_data_not_escaped =

The string: "VALUES ('%u','%u','%s",...  wouldn't it be interpreted
the same way if you were to enter "VALUES (%u,%u,'%s'"???

Since it's a number (sid, cid) we don't need single quotes..

and furthermore in that same string..

                     "VALUES ('%u','%u','%s",
                             data->shared->sid,
                             data->shared->cid,
                             packet_data);
                     strcat(query->val, "')");

Wouldn't the line terminate after the first line, because of the
double quote? And furthermore, if it went past that, wouldn't it
terminate at the semicolon after packet_data);?

Or am I crazy?

Joel
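
The construct asked about above, as an added example (not code from Snort or from the poster): the compiler joins adjacent C string literals into one format string, so the statement ends only at the `;` that closes the snprintf call, and the `- 3` leaves room for the `')` that strcat appends plus the terminating NUL. The name build_insert, the quote_ids switch, the buffer sizes and the sample values are assumptions; the payload is assumed to be already escaped, as packet_data is in the quoted code.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper mirroring the quoted call. Returns 0 on success,
 * -1 if the formatted text does not fit in cap - 3 bytes. */
int build_insert(char *buf, size_t cap, unsigned sid, unsigned cid,
                 const char *escaped_payload, int quote_ids)
{
    int n;

    if (cap < 4)
        return -1;
    /* Adjacent string literals are concatenated at compile time, so each
     * call below receives ONE format string. A closing double quote ends
     * a literal, not the statement; the statement ends at the ';'.
     * cap - 3 reserves two bytes for "')" and one for the NUL. */
    if (quote_ids)
        n = snprintf(buf, cap - 3,
                     "INSERT INTO "
                     "data (sid,cid,data_payload) "
                     "VALUES ('%u','%u','%s",
                     sid, cid, escaped_payload);
    else
        n = snprintf(buf, cap - 3,
                     "INSERT INTO "
                     "data (sid,cid,data_payload) "
                     "VALUES (%u,%u,'%s",
                     sid, cid, escaped_payload);
    if (n < 0 || (size_t)n >= cap - 3)
        return -1;          /* truncated: never send a cut-off query */
    strcat(buf, "')");      /* fits: n + 3 <= cap */
    return 0;
}

int main(void)
{
    char q[128];
    /* Constructed sample values; "41424344" stands in for escaped payload. */
    if (build_insert(q, sizeof q, 1, 42, "41424344", 1) == 0)
        puts(q);            /* numeric fields quoted, as in the post */
    if (build_insert(q, sizeof q, 1, 42, "41424344", 0) == 0)
        puts(q);            /* numeric fields unquoted */
    return 0;
}
```

The truncation check matters because a query cut short inside the payload would still get `')` appended and be sent with incomplete data.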



