Index: openacs-4/packages/xotcl-core/tcl/05-db-procs.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/xotcl-core/tcl/05-db-procs.tcl,v diff -u -r1.148.2.59 -r1.148.2.60 --- openacs-4/packages/xotcl-core/tcl/05-db-procs.tcl 5 Jan 2023 16:50:25 -0000 1.148.2.59 +++ openacs-4/packages/xotcl-core/tcl/05-db-procs.tcl 9 Jan 2023 10:53:34 -0000 1.148.2.60 @@ -710,7 +710,17 @@ # set c 0; set l ""; set last 0 set execArgs {}; set prepArgs {} - foreach pair [regexp -all -inline -indices {[^:a-zA-Z0_9_]:[a-zA-Z0_9_]+\M} $sql] { + + # + # Colon characters may happen also inside of strings. We want to + # allow this, so we first replace every legitimate string in the + # SQL with a placeholder and collect the variables on the + # replaced text. + # + set strings [regexp -all -inline {'(\\'|[^'])*'} $sql] + regsub -all {'(\\'|[^'])*'} $sql "#__string__#" sql + + foreach pair [regexp -all -inline -indices {[^:]:[a-zA-Z0_9_]+\M} $sql] { lassign $pair from to lappend execArgs [string range $sql $from+1 $to] lappend prepArgs unknown @@ -719,6 +729,13 @@ } append l [string range $sql $last end] + # + # Put back the substituted strings in the prepared SQL. + # + foreach {s p} $strings { + regsub "#__string__#" $l $s l + } + set argtypes [split $argtypes ,] if {[llength $argtypes] == [llength $prepArgs]} { set prepArgs $argtypes