[Snort-devel] Another output-database question

Martin Roesch roesch at ...402...
Mon Jun 27 07:29:46 EDT 2005


Looks like you could write that:

snprintf(query->val,
     (p->dsize * 2) + MAX_QUERY_LENGTH - 3,
     "INSERT INTO data(sid, cid, data_payload)"
     " VALUES (%u, %u, '%s')",
     data->shared->sid,
     data->shared->cid,
     packet_data);

 From where I'm sitting, but that's just me...

      -Marty


On Jun 15, 2005, at 3:55 PM, Joel Esler wrote:

> Um.. I know you guys didn't code this (or if you did..  so be it..)
> but why do we have single quotes around placeholders in insert
> strings?
>
> Example
>
> <                     snprintf(query->val, (p->dsize * 2) +
> MAX_QUERY_LENGTH - 3,
> <                             "INSERT INTO "
> <                             "data (sid,cid,data_payload) "
> <                             "VALUES ('%u','%u','%s",
> <                             data->shared->sid,
> <                             data->shared->cid,
> <                             packet_data);
> <                     strcat(query->val, "')");
> <                     free (packet_data);                 
> packet_data = NULL;
> <                     free (packet_data_not_escaped);
> packet_data_not_escaped =
>
> The string: "VALUES ('%u','%u','%s",...  wouldn't it be interpreted
> the same way if you were to enter "VALUES (%u,%u,'%s'"???
>
> Since it's a number (sid, cid) we don't need single quotes..
>
> and furthermore in that same string..
>
>                      "VALUES ('%u','%u','%s",
>                              data->shared->sid,
>                              data->shared->cid,
>                              packet_data);
>                      strcat(query->val, "')");
>
> wouldn't the line terminate after the first line?  because of the
> double quote?  and furthermore, if it went past that, wouldn't it
> terminate at the semi-colon after packet_data);?
>
> Or am I crazy?
>
> Joel

-- 
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Network Defense for the Real World - http://www.sourcefire.com
Snort: Open Source Intrusion Detection and Prevention - http://www.snort.org
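
Added example, not part of the original message or of Snort's code: the single-snprintf form suggested in the reply, wrapped in a hypothetical helper build_data_insert() that also checks snprintf's return value so a truncated query is rejected rather than sent. The helper name, buffer sizes and sample values are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Build the INSERT with one bounded snprintf, with the closing "')" inside
 * the format string instead of a separate strcat().
 * `escaped` must already be SQL-escaped by the caller (assumption: the
 * packet_data in the thread is the escaped copy of the payload).
 * Returns the query length, or -1 if the query would not fit in `out`. */
int build_data_insert(char *out, size_t outlen,
                      unsigned sid, unsigned cid, const char *escaped)
{
    /* Adjacent string literals are joined by the compiler into one format
     * string, so the statement does not end at the first closing quote. */
    int n = snprintf(out, outlen,
                     "INSERT INTO data (sid,cid,data_payload) "
                     "VALUES (%u,%u,'%s')",
                     sid, cid, escaped);
    if (n < 0 || (size_t)n >= outlen) {
        /* A truncated query would carry an unterminated SQL string
         * literal, so hand back an empty buffer instead. */
        if (outlen > 0)
            out[0] = '\0';
        return -1;
    }
    return n;
}

int main(void)
{
    /* Constructed sample values, not taken from a real Snort database. */
    char q[128];
    char tiny[32];

    if (build_data_insert(q, sizeof q, 1, 42, "414243") > 0)
        puts(q);
    if (build_data_insert(tiny, sizeof tiny, 1, 42, "414243") < 0)
        puts("query did not fit; nothing sent");
    return 0;
}
```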






