--- res_config_mysql.c.orig Thu Jul 20 22:13:12 2006
+++ res_config_mysql.c Fri Jul 21 20:39:45 2006
@@ -48,6 +48,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
 #include
@@ -87,8 +88,9 @@
 MYSQL_RES *result;
 MYSQL_ROW row;
 MYSQL_FIELD *fields;
- int numFields, i;
+ int numFields, i, valsz;
 char sql[256];
+ char buf[257]; /* Keep this size uneven as it is 2n+1. */
 char *stringp;
 char *chunk;
 char *op;
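Review bot: `valsz` is declared `int`, but it receives the result of `strlen()`, is compared against `sizeof(buf)` and is passed as the length argument of `mysql_real_escape_string`, all of which are unsigned; declaring it as `size_t valsz;` avoids the signed/unsigned mix. The same declaration is added in the @@ -176 and @@ -291 hunks. The comment on `buf` would say more as `/* 2 * 128 + 1: worst-case escaped size of a 128-byte value */`, and a named constant for the 128 would let the array size and the clamp share one definition. The enclosing function starts and ends outside this hunk.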
@@ -109,28 +111,35 @@ return NULL; } + /* Must connect to the server before anything else, as the escape function requires the mysql handle. */ + ast_mutex_lock(&mysql_lock); + if(!mysql_reconnect(database)) { + ast_mutex_unlock(&mysql_lock); + return NULL; + } + /* Create the first part of the query using the first parameter/value pairs we just extracted If there is only 1 set, then we have our query. Otherwise, loop thru the list and concat */ if(!strchr(newparam, ' ')) op = " ="; else op = ""; - snprintf(sql, sizeof(sql), "SELECT * FROM %s WHERE %s%s '%s'", table, newparam, op, newval); + if((valsz = strlen (newval)) * 2 + 1 > sizeof(buf)) + valsz = (sizeof(buf) - 1) / 2; + mysql_real_escape_string(&mysql, buf, newval, valsz); + snprintf(sql, sizeof(sql), "SELECT * FROM %s WHERE %s%s '%s'", table, newparam, op, buf); while((newparam = va_arg(ap, const char *))) { newval = va_arg(ap, const char *); if(!strchr(newparam, ' ')) op = " ="; else op = ""; - snprintf(sql + strlen(sql), sizeof(sql) - strlen(sql), " AND %s%s '%s'", newparam, op, newval); + if((valsz = strlen (newval)) * 2 + 1 > sizeof(buf)) + valsz = (sizeof(buf) - 1) / 2; + mysql_real_escape_string(&mysql, buf, newval, valsz); + snprintf(sql + strlen(sql), sizeof(sql) - strlen(sql), " AND %s%s '%s'", newparam, op, buf); } va_end(ap); ast_log(LOG_DEBUG, "MySQL RealTime: Retrieve SQL: %s\n", sql); - /* We now have our complete statement; Lets connect to the server and execute it. */ - ast_mutex_lock(&mysql_lock); - if(!mysql_reconnect(database)) { - ast_mutex_unlock(&mysql_lock); - return NULL; - } - + /* Execution. */ if(mysql_real_query(&mysql, sql, strlen(sql))) { ast_log(LOG_WARNING, "MySQL RealTime: Failed to query database. Check debug for more info.\n"); ast_log(LOG_DEBUG, "MySQL RealTime: Query: %s\n", sql); 
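Review bot: The clamp `valsz = (sizeof(buf) - 1) / 2` silently cuts any value longer than 128 bytes, and the query then runs against the shortened value, so a lookup can match a row the caller never asked for. The same clamp is repeated in the loop here and in the @@ -216 and @@ -307 hunks. Rejecting the call is safer than truncating, for example `if(strlen(newval) > (sizeof(buf) - 1) / 2) { ast_mutex_unlock(&mysql_lock); return NULL; }`. `sql` is still 256 bytes while one escaped value can now take up to 256 of them, and none of the `snprintf` return values are checked, so a statement that was cut short is still handed to `mysql_real_query`. The function body starts and ends outside this hunk.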
@@ -176,8 +185,9 @@ MYSQL_RES *result; MYSQL_ROW row; MYSQL_FIELD *fields; - int numFields, i; + int numFields, i, valsz; char sql[256]; + char buf[257]; /* Keep this size uneven as it is 2n+1. */ const char *initfield = NULL; char *stringp; char *chunk; @@ -216,16 +226,29 @@ *op = '\0'; } + /* Must connect to the server before anything else, as the escape function requires the mysql handle. */ + ast_mutex_lock(&mysql_lock); + if(!mysql_reconnect(database)) { + ast_mutex_unlock(&mysql_lock); + return NULL; + } + /* Create the first part of the query using the first parameter/value pairs we just extracted If there is only 1 set, then we have our query. Otherwise, loop thru the list and concat */ if(!strchr(newparam, ' ')) op = " ="; else op = ""; - snprintf(sql, sizeof(sql), "SELECT * FROM %s WHERE %s%s '%s'", table, newparam, op, newval); + if((valsz = strlen (newval)) * 2 + 1 > sizeof(buf)) + valsz = (sizeof(buf) - 1) / 2; + mysql_real_escape_string(&mysql, buf, newval, valsz); + snprintf(sql, sizeof(sql), "SELECT * FROM %s WHERE %s%s '%s'", table, newparam, op, buf); while((newparam = va_arg(ap, const char *))) { newval = va_arg(ap, const char *); if(!strchr(newparam, ' ')) op = " ="; else op = ""; - snprintf(sql + strlen(sql), sizeof(sql) - strlen(sql), " AND %s%s '%s'", newparam, op, newval); + if((valsz = strlen (newval)) * 2 + 1 > sizeof(buf)) + valsz = (sizeof(buf) - 1) / 2; + mysql_real_escape_string(&mysql, buf, newval, valsz); + snprintf(sql + strlen(sql), sizeof(sql) - strlen(sql), " AND %s%s '%s'", newparam, op, buf); } if(initfield) { 
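Review bot: The clamp-and-escape lines added in the @@ -216 hunk are the same code the patch adds to the single-row lookup and to the update function, seven copies in all, and the copies have already drifted: the update hunk tests `* 1 + 1` in two places. A small static helper that takes the destination buffer and its size would keep the bound in one place and give each caller a failure return to act on instead of a shortened value. Because the lock is now taken before the statement is assembled, every return between this point and `mysql_real_query` has to release `mysql_lock`; the `if(initfield)` block continues outside the hunk, so that cannot be confirmed from here. A sketch of the helper and one call site follows.

```c
/* Escape val into buf for use inside a quoted SQL literal.
 * The caller must hold mysql_lock and have a live connection.
 * Returns 0 on success, -1 if val would not fit once escaped. */
static int escape_value(char *buf, size_t bufsz, const char *val)
{
	size_t len = strlen(val);

	if (len > (bufsz - 1) / 2)
		return -1;
	mysql_real_escape_string(&mysql, buf, val, len);
	return 0;
}

/* ... unchanged: reconnect under mysql_lock, operator selection ... */
	if (escape_value(buf, sizeof(buf), newval)) {
		ast_mutex_unlock(&mysql_lock);
		return NULL;
	}
	snprintf(sql, sizeof(sql), "SELECT * FROM %s WHERE %s%s '%s'", table, newparam, op, buf);
/* ... unchanged: the loop over the remaining pairs, with the same check in place of the clamp ... */
```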
@@ -236,13 +259,7 @@ ast_log(LOG_DEBUG, "MySQL RealTime: Retrieve SQL: %s\n", sql); - /* We now have our complete statement; Lets connect to the server and execute it. */ - ast_mutex_lock(&mysql_lock); - if(!mysql_reconnect(database)) { - ast_mutex_unlock(&mysql_lock); - return NULL; - } - + /* Execution. */ if(mysql_real_query(&mysql, sql, strlen(sql))) { ast_log(LOG_WARNING, "MySQL RealTime: Failed to query database. Check debug for more info.\n"); ast_log(LOG_DEBUG, "MySQL RealTime: Query: %s\n", sql); @@ -291,6 +308,8 @@ { my_ulonglong numrows; char sql[256]; + char buf[257]; /* Keep this size uneven as it is 2n+1. */ + int valsz; const char *newparam, *newval; if(!table) { 
@@ -307,26 +326,36 @@ return -1; } + /* Must connect to the server before anything else, as the escape function requires the mysql handle. */ + ast_mutex_lock(&mysql_lock); + if(!mysql_reconnect(database)) { + ast_mutex_unlock(&mysql_lock); + return -1; + } + /* Create the first part of the query using the first parameter/value pairs we just extracted If there is only 1 set, then we have our query. Otherwise, loop thru the list and concat */ - snprintf(sql, sizeof(sql), "UPDATE %s SET %s = '%s'", table, newparam, newval); + if((valsz = strlen (newval)) * 1 + 1 > sizeof(buf)) + valsz = (sizeof(buf) - 1) / 2; + mysql_real_escape_string(&mysql, buf, newval, valsz); + snprintf(sql, sizeof(sql), "UPDATE %s SET %s = '%s'", table, newparam, buf); while((newparam = va_arg(ap, const char *))) { newval = va_arg(ap, const char *); - snprintf(sql + strlen(sql), sizeof(sql) - strlen(sql), ", %s = '%s'", newparam, newval); + if((valsz = strlen (newval)) * 2 + 1 > sizeof(buf)) + valsz = (sizeof(buf) - 1) / 2; + mysql_real_escape_string(&mysql, buf, newval, valsz); + snprintf(sql + strlen(sql), sizeof(sql) - strlen(sql), ", %s = '%s'", newparam, buf); } va_end(ap); - snprintf(sql + strlen(sql), sizeof(sql) - strlen(sql), " WHERE %s = '%s'", keyfield, lookup); + if((valsz = strlen (lookup)) * 1 + 1 > sizeof(buf)) + valsz = (sizeof(buf) - 1) / 2; + mysql_real_escape_string(&mysql, buf, lookup, valsz); + snprintf(sql + strlen(sql), sizeof(sql) - strlen(sql), " WHERE %s = '%s'", keyfield, buf); ast_log(LOG_DEBUG,"MySQL RealTime: Update SQL: %s\n", sql); - /* We now have our complete statement; Lets connect to the server and execute it. */ - ast_mutex_lock(&mysql_lock); - if(!mysql_reconnect(database)) { - ast_mutex_unlock(&mysql_lock); - return -1; - } - + /* Execution. */ if(mysql_real_query(&mysql, sql, strlen(sql))) { ast_log(LOG_WARNING, "MySQL RealTime: Failed to query database. Check debug for more info.\n"); ast_log(LOG_DEBUG, "MySQL RealTime: Query: %s\n", sql); 
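Review bot: The size tests for the first SET value and for `lookup` use `* 1 + 1` where every other copy uses `* 2 + 1`, so a value of up to 256 bytes passes unclamped and `mysql_real_escape_string` may then write up to 513 bytes into the 257-byte `buf`. Both tests should read `* 2 + 1`, i.e. `if((valsz = strlen (newval)) * 2 + 1 > sizeof(buf))` and `if((valsz = strlen (lookup)) * 2 + 1 > sizeof(buf))`. Truncating `lookup` is also riskier here than in the SELECT paths, since a shortened key makes the UPDATE apply to a different row; returning -1 for an oversize value would be the safer behaviour. Separately, the new early `return -1` on reconnect failure comes before `va_end(ap)`, which the old code had already reached by that point, so `va_end(ap);` should be added before it (the @@ -109 hunk has the same ordering). The function starts outside this hunk.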
@@ -357,13 +386,10 @@ MYSQL_RES *result; MYSQL_ROW row; my_ulonglong num_rows; - struct ast_config *new; - struct ast_variable *cur_v, *new_v; - struct ast_category *cur_cat, *new_cat; + struct ast_variable *new_v; + struct ast_category *cur_cat; char sql[250] = ""; char last[80] = ""; - int cat_started = 0; - int var_started = 0; int last_cat_metric = 0; last[0] = '\0';