RACK911LABS.COM: safer mysql/pgsql query

Serghey Rodin · Serghey Rodin · commit b5874764a7b3 · 2018-04-26T17:29:13.000+03:00
diff --git a/func/db.sh b/func/db.sh
@@ -47,7 +47,10 @@ mysql_connect() {
 }
 
 mysql_query() {
-    mysql --defaults-file=$mycnf -e "$1" 2>/dev/null
+    sql_tmp=$(mktemp)
+    echo "$1" > $sql_tmp
+    mysql --defaults-file=$mycnf < "$sql_tmp"  2>/dev/null
+    rm -f "$sql_tmp"
 }
 
 mysql_dump() {
@@ -89,7 +92,10 @@ psql_connect() {
 }
 
 psql_query() {
-    psql -h $HOST -U $USER -c "$1" 2>/dev/null
+    sql_tmp=$(mktemp)
+    echo "$1" > $sql_tmp
+    psql -h $HOST -U $USER -f "$sql_tmp" 2>/dev/null
+    rm -f $sql_tmp
 }
 
 psql_dump() {

Original file line number	Diff line number	Diff line change
`@@ -47,7 +47,10 @@ mysql_connect() {`
`47`	`47`	`}`
`48`	`48`
`49`	`49`	`mysql_query() {`
`50`		`- mysql --defaults-file=$mycnf -e "$1" 2>/dev/null`
	`50`	`+ sql_tmp=$(mktemp)`
	`51`	`+ echo "$1" > $sql_tmp`
	`52`	`+ mysql --defaults-file=$mycnf < "$sql_tmp" 2>/dev/null`
	`53`	`+ rm -f "$sql_tmp"`
`51`	`54`	`}`
`52`	`55`
`53`	`56`	`mysql_dump() {`
`@@ -89,7 +92,10 @@ psql_connect() {`
`89`	`92`	`}`
`90`	`93`
`91`	`94`	`psql_query() {`
`92`		`- psql -h $HOST -U $USER -c "$1" 2>/dev/null`
	`95`	`+ sql_tmp=$(mktemp)`
	`96`	`+ echo "$1" > $sql_tmp`
	`97`	`+ psql -h $HOST -U $USER -f "$sql_tmp" 2>/dev/null`
	`98`	`+ rm -f $sql_tmp`
`93`	`99`	`}`
`94`	`100`
`95`	`101`	`psql_dump() {`