Index: openacs-4/packages/xotcl-core/tcl/05-db-procs.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/xotcl-core/tcl/05-db-procs.tcl,v diff -u -r1.148.2.72 -r1.148.2.73 --- openacs-4/packages/xotcl-core/tcl/05-db-procs.tcl 19 Jan 2023 18:10:20 -0000 1.148.2.72 +++ openacs-4/packages/xotcl-core/tcl/05-db-procs.tcl 20 Jan 2023 12:15:16 -0000 1.148.2.73 @@ -848,18 +848,36 @@ } { set c 0; set l ""; set last 0 set execArgs {}; set prepArgs {} - foreach pair [regexp -all -inline -indices {[^:]:[a-zA-Z0_9_]+\M} $sql ] { + + # + # Colon characters may happen also inside of strings. We want to + # allow this, so we first replace every legitimate string in the + # SQL with a placeholder and collect the variables on the + # replaced text. + # + set strings [regexp -all -inline {'(\\'|[^'])*'} $sql] + regsub -all {'(\\'|[^'])*'} $sql "#__string__#" sql + + foreach pair [regexp -all -inline -indices {[^:]:[a-zA-Z0_9_]+\M} $sql] { lassign $pair from to lappend execArgs [string range $sql $from+1 $to] lappend prepArgs unknown append l [string range $sql $last $from] \$[incr c] set last [incr to] } append l [string range $sql $last end] + + # + # Put back the substituted strings in the prepared SQL. + # + foreach {s p} $strings { + regsub "#__string__#" $l $s l + } + dict set d args $execArgs dict set d sql $l + return $d } - return $d } ::xo::db::DB-postgresql instproc prepare {-handle:required {-argtypes ""} sql} {