f20cd920ff7ce99900b2f8350ca4b30948d47af2
galt
  Wed Jul 22 11:36:29 2015 -0700
Fixes RM#15751. Fixes a minor problem with sql string escaping. Also added a new function sqlSafefAppend because it is handy when you need to safely append a little formatted string, but you do not want to be bothered with using dyStrings.

diff --git src/hg/lib/jksql.c src/hg/lib/jksql.c
index a593130..b489288 100644
--- src/hg/lib/jksql.c
+++ src/hg/lib/jksql.c
@@ -3760,30 +3760,49 @@
 /* Format string to buffer, vsprintf style, only with buffer overflow
  * checking.  The resulting string is always terminated with zero byte.
  * Scans unquoted string parameters for illegal literal sql chars.
  * Escapes quoted string parameters. 
  * NOSLQINJ tag is NOT added to beginning since it is assumed to be just a fragment of
  * the entire sql string. */
 {
 int sz;
 va_list args;
 va_start(args, format);
 sz = vaSqlSafefFrag(buffer, bufSize, format, args);
 va_end(args);
 return sz;
 }
 
+int sqlSafefAppend(char* buffer, int bufSize, char *format, ...)
+/* Append formatted string to buffer, vsprintf style, only with buffer overflow
+ * checking.  The resulting string is always terminated with zero byte.
+ * Scans unquoted string parameters for illegal literal sql chars.
+ * Escapes quoted string parameters. 
+ * NOSLQINJ tag is NOT added to beginning since it is assumed to be appended to
+ * a properly created sql string. */
+{
+int sz;
+va_list args;
+int len = strlen(buffer);
+if (len >= bufSize)
+    errAbort("sqlSafefAppend() called on string size %d with bufSize %d too small.", len, bufSize);
+va_start(args, format);
+sz = vaSqlSafefFrag(buffer+len, bufSize-len, format, args);
+va_end(args);
+return sz;
+}
+
 
 
 /* --------------------------- */
 
 
 void vaSqlDyStringPrintfExt(struct dyString *ds, boolean isFrag, char *format, va_list args)
 /* VarArgs Printf to end of dyString after scanning string parameters for illegal sql chars.
  * Strings inside quotes are automatically escaped.  
  * NOSLQINJ tag is added to beginning if it is a new empty string and isFrag is FALSE. */
 {
 /* attempt to format the string in the current space.  If there
  * is not enough room, increase the buffer size and try again */
 int avail, sz;
 while (TRUE)
     {
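Review bot: In sqlSafefAppend the `strlen(buffer)` call runs before the `len >= bufSize` check and is itself unbounded, so a buffer that is not zero-terminated within bufSize is read past its end before the guard can fire, and the size_t result is narrowed to int. A bounded scan keeps the read inside the caller's buffer: `char *end = memchr(buffer, 0, bufSize);`, then `if (end == NULL) errAbort(...)` with the existing message, then `int len = end - buffer;`. The header comment should also say that buffer must already hold a zero-terminated string, and that the return value is whatever vaSqlSafefFrag returns for the appended piece (presumably the fragment length rather than the total length, which callers should confirm).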