+# Escapes sql strings
+# MySQL escaping:
+# http://dev.mysql.com/doc/refman/5.0/en/string-syntax.html
+# full - \x00 (null), \n, \r, \, ', " and \x1a (Control-Z)
+# add % and _ in pattern matching expressions.
+# short - only character used for quoting and backslash should be escaped
+# PostgreSQL
+# Oracle
+# Sybase - different quoting of '
+sub escape_sql_string() {
+ my ($str,$isPattern) = @_;
+
+ if ($dbtype eq 'mysql'){
+ # escape \, ' and "
+ $str =~ s/(['"\\])/\\$1/g;
+ # escape \x1a
+ $str =~ s/([\x1a])/\\Z/g;
+ # escape ascii null
+ $str =~ s/([\x0])/\\0/g;
+ # escape line feed
+ $str =~ s/([\n])/\\n/g;
+ # escape cr
+ $str =~ s/([\r])/\\r/g;
+ if ($isPattern) {
+ $str =~ s/([%_])/\\$1/g;
+ }
+ } else {
+ die "ERROR: Unsupported database type";
+ }
+ return $str;
+}