
* Fixed a SQL syntax crash when logging character names with "'" in them

git-svn-id: https://svn.code.sf.net/p/rathena/svn/branches/stable@1305 54d463be-8e91-2dee-dedb-b68131a5f0ec
celest пре 20 година
родитељ
комит
a308c95bce
1 измењених фајлова са 20 додато и 11 уклоњено
  1. 20 11
      src/map/log.c

+ 20 - 11
src/map/log.c

@@ -3,10 +3,10 @@
 #include <stdio.h>
 #include <string.h>
 
+#include "../common/strlib.h"
+#include "../common/nullpo.h"
 #include "itemdb.h"
 #include "map.h"
-
-#include "nullpo.h"
 #include "log.h"
 
 struct Log_Config log_config;
@@ -64,7 +64,8 @@ int log_branch(struct map_session_data *sd)
 	#ifndef TXT_ONLY
 	if(log_config.sql_logs > 0)
 	{
-		sprintf(tmp_sql, "INSERT DELAYED INTO `%s` (`branch_date`, `account_id`, `char_id`, `char_name`, `map`) VALUES (NOW(), '%d', '%d', '%s', '%s')", log_config.log_branch_db, sd->status.account_id, sd->status.char_id, sd->status.name, sd->mapname);
+		sprintf(tmp_sql, "INSERT DELAYED INTO `%s` (`branch_date`, `account_id`, `char_id`, `char_name`, `map`) VALUES (NOW(), '%d', '%d', '%s', '%s')",
+			log_config.log_branch_db, sd->status.account_id, sd->status.char_id, jstrescape(sd->status.name), sd->mapname);
 		if(mysql_query(&mmysql_handle, tmp_sql))
 			printf("DB server Error - %s\n",mysql_error(&mmysql_handle));
 	} else {
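Review bot: `jstrescape(sd->status.name)` is handed the live session field rather than a copy, so if the helper escapes in place (its definition in strlib is not part of this commit) each logged action would lengthen the stored name and could write past the end of that field; the same call appears in every later hunk of this file. Escaping into a local scratch buffer with the connection-aware API avoids that and also handles the connection character set: `mysql_real_escape_string(&mmysql_handle, esc_name, sd->status.name, strlen(sd->status.name));` with `esc_name` sized at twice the name length plus one. The log_trade, log_vend and log_zeny hunks call the helper twice in one argument list, which is only correct if the two results do not share storage. The statement is still built with an unbounded `sprintf` into `tmp_sql`, and escaping makes the output longer, so `snprintf` with the buffer's size would be the safer call. The body of log_branch starts and ends outside this hunk.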
@@ -153,7 +154,8 @@ int log_present(struct map_session_data *sd, int source_type, int nameid)
 	#ifndef TXT_ONLY
 	if(log_config.sql_logs > 0)
 	{
-		sprintf(tmp_sql, "INSERT DELAYED INTO `%s` (`present_date`, `src_id`, `account_id`, `char_id`, `char_name`, `nameid`, `map`) VALUES (NOW(), '%d', '%d', '%d', '%s', '%d', '%s') ", log_config.log_present_db, source_type, sd->status.account_id, sd->status.char_id, sd->status.name, nameid, sd->mapname);
+		sprintf(tmp_sql, "INSERT DELAYED INTO `%s` (`present_date`, `src_id`, `account_id`, `char_id`, `char_name`, `nameid`, `map`) VALUES (NOW(), '%d', '%d', '%d', '%s', '%d', '%s') ",
+			log_config.log_present_db, source_type, sd->status.account_id, sd->status.char_id, jstrescape(sd->status.name), nameid, sd->mapname);
 		if(mysql_query(&mmysql_handle, tmp_sql))
 			printf("DB server Error - %s\n",mysql_error(&mmysql_handle));
 	} else {
@@ -179,7 +181,8 @@ int log_produce(struct map_session_data *sd, int nameid, int slot1, int slot2, i
 	#ifndef TXT_ONLY
 	if(log_config.sql_logs > 0)
 	{
-		sprintf(tmp_sql, "INSERT DELAYED INTO `%s` (`produce_date`, `account_id`, `char_id`, `char_name`, `nameid`, `slot1`, `slot2`, `slot3`, `map`, `success`) VALUES (NOW(), '%d', '%d', '%s', '%d', '%d', '%d', '%d', '%s', '%d') ", log_config.log_produce_db, sd->status.account_id, sd->status.char_id, sd->status.name, nameid, slot1, slot2, slot3, sd->mapname, success);
+		sprintf(tmp_sql, "INSERT DELAYED INTO `%s` (`produce_date`, `account_id`, `char_id`, `char_name`, `nameid`, `slot1`, `slot2`, `slot3`, `map`, `success`) VALUES (NOW(), '%d', '%d', '%s', '%d', '%d', '%d', '%d', '%s', '%d') ",
+			log_config.log_produce_db, sd->status.account_id, sd->status.char_id, jstrescape(sd->status.name), nameid, slot1, slot2, slot3, sd->mapname, success);
 		if(mysql_query(&mmysql_handle, tmp_sql))
 			printf("DB server Error - %s\n",mysql_error(&mmysql_handle));
 	} else {
@@ -219,7 +222,8 @@ int log_refine(struct map_session_data *sd, int n, int success)
 	#ifndef TXT_ONLY
 	if(log_config.sql_logs > 0)
 	{
-		sprintf(tmp_sql, "INSERT DELAYED INTO `%s` (`refine_date`, `account_id`, `char_id`, `char_name`, `nameid`, `refine`, `card0`, `card1`, `card2`, `card3`, `map`, `success`, `item_level`) VALUES (NOW(), '%d', '%d', '%s', '%d', '%d', '%d', '%d', '%d', '%d', '%s', '%d', '%d')", log_config.log_refine_db, sd->status.account_id, sd->status.char_id, sd->status.name, sd->status.inventory[n].nameid, sd->status.inventory[n].refine, log_card[0], log_card[1], log_card[2], log_card[3], sd->mapname, success, item_level);
+		sprintf(tmp_sql, "INSERT DELAYED INTO `%s` (`refine_date`, `account_id`, `char_id`, `char_name`, `nameid`, `refine`, `card0`, `card1`, `card2`, `card3`, `map`, `success`, `item_level`) VALUES (NOW(), '%d', '%d', '%s', '%d', '%d', '%d', '%d', '%d', '%d', '%s', '%d', '%d')",
+			log_config.log_refine_db, sd->status.account_id, sd->status.char_id, jstrescape(sd->status.name), sd->status.inventory[n].nameid, sd->status.inventory[n].refine, log_card[0], log_card[1], log_card[2], log_card[3], sd->mapname, success, item_level);
 		if(mysql_query(&mmysql_handle, tmp_sql))
 			printf("DB server Error - %s\n",mysql_error(&mmysql_handle));
 	} else {
@@ -263,7 +267,8 @@ int log_trade(struct map_session_data *sd, struct map_session_data *target_sd, i
 	#ifndef TXT_ONLY
 	if(log_config.sql_logs > 0)
 	{
-		sprintf(tmp_sql, "INSERT DELAYED INTO `%s` (`trade_date`, `src_account_id`, `src_char_id`, `src_char_name`, `des_account_id`, `des_char_id`, `des_char_name`, `nameid`, `amount`, `refine`, `card0`, `card1`, `card2`, `card3`, `map`) VALUES (NOW(), '%d', '%d', '%s', '%d', '%d', '%s', '%d', '%d', '%d', '%d', '%d', '%d', '%d', '%s')", log_config.log_trade_db, sd->status.account_id, sd->status.char_id, sd->status.name, target_sd->status.account_id, target_sd->status.char_id, target_sd->status.name, log_nameid, log_amount, log_refine, log_card[0], log_card[1], log_card[2], log_card[3], sd->mapname);
+		sprintf(tmp_sql, "INSERT DELAYED INTO `%s` (`trade_date`, `src_account_id`, `src_char_id`, `src_char_name`, `des_account_id`, `des_char_id`, `des_char_name`, `nameid`, `amount`, `refine`, `card0`, `card1`, `card2`, `card3`, `map`) VALUES (NOW(), '%d', '%d', '%s', '%d', '%d', '%s', '%d', '%d', '%d', '%d', '%d', '%d', '%d', '%s')",
+			log_config.log_trade_db, sd->status.account_id, sd->status.char_id, jstrescape(sd->status.name), target_sd->status.account_id, target_sd->status.char_id, jstrescape(target_sd->status.name), log_nameid, log_amount, log_refine, log_card[0], log_card[1], log_card[2], log_card[3], sd->mapname);
 		if(mysql_query(&mmysql_handle, tmp_sql))
 			printf("DB server Error - %s\n",mysql_error(&mmysql_handle));
 	} else {
@@ -304,7 +309,8 @@ int log_vend(struct map_session_data *sd,struct map_session_data *vsd,int n,int
 	#ifndef TXT_ONLY
 	if(log_config.sql_logs > 0)
 	{
-			sprintf(tmp_sql, "INSERT DELAYED INTO `%s` (`vend_date`, `vend_account_id`, `vend_char_id`, `vend_char_name`, `buy_account_id`, `buy_char_id`, `buy_char_name`, `nameid`, `amount`, `refine`, `card0`, `card1`, `card2`, `card3`, `map`, `zeny`) VALUES (NOW(), '%d', '%d', '%s', '%d', '%d', '%s', '%d', '%d', '%d', '%d', '%d', '%d', '%d', '%s', '%d')", log_config.log_vend_db, sd->status.account_id, sd->status.char_id, sd->status.name, vsd->status.account_id, vsd->status.char_id, vsd->status.name, log_nameid, log_amount, log_refine, log_card[0], log_card[1], log_card[2], log_card[3], sd->mapname, zeny);
+			sprintf(tmp_sql, "INSERT DELAYED INTO `%s` (`vend_date`, `vend_account_id`, `vend_char_id`, `vend_char_name`, `buy_account_id`, `buy_char_id`, `buy_char_name`, `nameid`, `amount`, `refine`, `card0`, `card1`, `card2`, `card3`, `map`, `zeny`) VALUES (NOW(), '%d', '%d', '%s', '%d', '%d', '%s', '%d', '%d', '%d', '%d', '%d', '%d', '%d', '%s', '%d')",
+				log_config.log_vend_db, sd->status.account_id, sd->status.char_id, jstrescape(sd->status.name), vsd->status.account_id, vsd->status.char_id, jstrescape(vsd->status.name), log_nameid, log_amount, log_refine, log_card[0], log_card[1], log_card[2], log_card[3], sd->mapname, zeny);
 			if(mysql_query(&mmysql_handle, tmp_sql))
 				printf("DB server Error - %s\n",mysql_error(&mmysql_handle));
 	} else {
@@ -330,7 +336,8 @@ int log_zeny(struct map_session_data *sd, struct map_session_data *target_sd,int
 	#ifndef TXT_ONLY
 	if(log_config.sql_logs > 0)
 	{
-		sprintf(tmp_sql,"INSERT DELAYED INTO `%s` (`trade_date`, `src_account_id`, `src_char_id`, `src_char_name`, `des_account_id`, `des_char_id`, `des_char_name`, `map`, `zeny`) VALUES (NOW(), '%d', '%d', '%s', '%d', '%d', '%s', '%s', '%d')", log_config.log_trade_db, sd->status.account_id, sd->status.char_id, sd->status.name, target_sd->status.account_id, target_sd->status.char_id, target_sd->status.name, sd->mapname, sd->deal_zeny);
+		sprintf(tmp_sql,"INSERT DELAYED INTO `%s` (`trade_date`, `src_account_id`, `src_char_id`, `src_char_name`, `des_account_id`, `des_char_id`, `des_char_name`, `map`, `zeny`) VALUES (NOW(), '%d', '%d', '%s', '%d', '%d', '%s', '%s', '%d')",
+			log_config.log_trade_db, sd->status.account_id, sd->status.char_id, jstrescape(sd->status.name), target_sd->status.account_id, target_sd->status.char_id, jstrescape(target_sd->status.name), sd->mapname, sd->deal_zeny);
 		if(mysql_query(&mmysql_handle, tmp_sql))
 			printf("DB server Error - %s\n",mysql_error(&mmysql_handle));
 	} else {
@@ -356,7 +363,8 @@ int log_atcommand(struct map_session_data *sd, const char *message)
 	#ifndef TXT_ONLY
 	if(log_config.sql_logs > 0)
 	{
-		sprintf(tmp_sql, "INSERT DELAYED INTO `%s` (`atcommand_date`, `account_id`, `char_id`, `char_name`, `map`, `command`) VALUES(NOW(), '%d', '%d', '%s', '%s', '%s') ", log_config.log_gm_db, sd->status.account_id, sd->status.char_id, sd->status.name, sd->mapname, message);
+		sprintf(tmp_sql, "INSERT DELAYED INTO `%s` (`atcommand_date`, `account_id`, `char_id`, `char_name`, `map`, `command`) VALUES(NOW(), '%d', '%d', '%s', '%s', '%s') ",
+			log_config.log_gm_db, sd->status.account_id, sd->status.char_id, jstrescape(sd->status.name), sd->mapname, message);
 		if(mysql_query(&mmysql_handle, tmp_sql))
 			printf("DB server Error - %s\n",mysql_error(&mmysql_handle));
 	} else {
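Review bot: `message` is still formatted into the quoted `command` value without escaping, so the quote-handling problem this commit fixes for character names remains for the command text in log_atcommand, and likewise for the `mes` value in the log_npc hunk that follows. Because `message` is `const char *` in both signatures, it needs to be escaped into a separate buffer before formatting, for example `mysql_real_escape_string(&mmysql_handle, esc_msg, message, strlen(message));` with `esc_msg` holding `2*strlen(message)+1` bytes. The text is presumably caller-supplied and of variable length, so the `sprintf` into `tmp_sql` should also be bounded with `snprintf` and its result checked for truncation. Both function bodies continue outside the hunks shown.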
@@ -382,7 +390,8 @@ int log_npc(struct map_session_data *sd, const char *message)
 	#ifndef TXT_ONLY
 	if(log_config.sql_logs > 0)
 	{
-		sprintf(tmp_sql, "INSERT DELAYED INTO `%s` (`npc_date`, `account_id`, `char_id`, `char_name`, `map`, `mes`) VALUES(NOW(), '%d', '%d', '%s', '%s', '%s') ", log_config.log_npc_db, sd->status.account_id, sd->status.char_id, sd->status.name, sd->mapname, message);
+		sprintf(tmp_sql, "INSERT DELAYED INTO `%s` (`npc_date`, `account_id`, `char_id`, `char_name`, `map`, `mes`) VALUES(NOW(), '%d', '%d', '%s', '%s', '%s') ",
+			log_config.log_npc_db, sd->status.account_id, sd->status.char_id, jstrescape(sd->status.name), sd->mapname, message);
 		if(mysql_query(&mmysql_handle, tmp_sql))
 			printf("DB server Error - %s\n",mysql_error(&mmysql_handle));
 	} else {