Changeset 15849 for gsdl/trunk/lib/sqlitedbclass.cpp
- Timestamp:
- 2008-06-04T14:14:48+12:00 (16 years ago)
- File:
-
- 1 edited
gsdl/trunk/lib/sqlitedbclass.cpp
r15836 r15849 93 93 void sqlitedbclass::deletekey (const text_t &key) 94 94 { 95 text_t sql_cmd = "DELETE FROM data WHERE key='" + key+ "'";95 text_t sql_cmd = "DELETE FROM data WHERE key='" + sqlite_safe(key) + "'"; 96 96 sqlexec(sql_cmd); 97 97 } … … 116 116 { 117 117 // No sorting required 118 sql_cmd = "SELECT docOID FROM document_metadata WHERE element='" + metadata_element_name + "' AND value='" + metadata_value+ "'";118 sql_cmd = "SELECT docOID FROM document_metadata WHERE element='" + sqlite_safe(metadata_element_name) + "' AND value='" + sqlite_safe(metadata_value) + "'"; 119 119 } 120 120 else … … 122 122 // Sort the documents by a certain metadata element 123 123 // John Thompson thinks this may not be the most efficient solution, and recommends using ON instead of WHERE 124 sql_cmd = "SELECT b.docOID FROM document_metadata AS a LEFT JOIN document_metadata AS b USING (docOID) WHERE a.element='" + metadata_element_name + "' AND a.value='" + metadata_value + "' AND b.element='" + sort_by_metadata_element_name+ "' ORDER BY b.value";124 sql_cmd = "SELECT b.docOID FROM document_metadata AS a LEFT JOIN document_metadata AS b USING (docOID) WHERE a.element='" + sqlite_safe(metadata_element_name) + "' AND a.value='" + sqlite_safe(metadata_value) + "' AND b.element='" + sqlite_safe(sort_by_metadata_element_name) + "' ORDER BY b.value"; 125 125 } 126 126 vector<text_tmap> sql_results; … … 153 153 bool sqlitedbclass::getkeydata (const text_t& key, text_t &data) 154 154 { 155 text_t sql_cmd = "SELECT value FROM data WHERE key='" + key+ "'";155 text_t sql_cmd = "SELECT value FROM data WHERE key='" + sqlite_safe(key) + "'"; 156 156 vector<text_tmap> sql_results; 157 157 if (!sqlgetarray(sql_cmd, sql_results) || sql_results.size() == 0) … … 204 204 205 205 // Get the entries in the "document_metadata" table where the element matches that specified 206 text_t sql_cmd = "SELECT value FROM document_metadata WHERE element='" + metadata_element_name+ "'";206 text_t sql_cmd 
= "SELECT value FROM document_metadata WHERE element='" + sqlite_safe(metadata_element_name) + "'"; 207 207 vector<text_tmap> sql_results; 208 208 if (!sqlgetarray(sql_cmd, sql_results) || sql_results.size() == 0) … … 235 235 else 236 236 { 237 text_t sql_cmd = "UPDATE data SET value='" + data + "' WHERE key='" + key+ "'";237 text_t sql_cmd = "UPDATE data SET value='" + sqlite_safe(data) + "' WHERE key='" + sqlite_safe(key) + "'"; 238 238 return sqlexec(sql_cmd); 239 239 } … … 253 253 usleep(m); 254 254 #endif 255 } 256 257 258 text_t sqlitedbclass::sqlite_safe (const text_t &value_arg) 259 { 260 text_t value = value_arg; 261 value.replace("'", "''"); 262 return value; 255 263 } 256 264 … … 346 354 bool sqlitedbclass::sqltableexists(const text_t &table_name) 347 355 { 348 text_t sql_cmd = "SELECT * FROM sqlite_master WHERE tbl_name='" + table_name+ "'";356 text_t sql_cmd = "SELECT * FROM sqlite_master WHERE tbl_name='" + sqlite_safe(table_name) + "'"; 349 357 vector<text_tmap> sql_results; 350 358 if (!sqlgetarray(sql_cmd, sql_results) || sql_results.size() == 0)
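Review bot: The new sqlite_safe helper (new lines 258-263) is only correct if text_t::replace rewrites every occurrence of `'` rather than the first match; that behaviour is not visible here, and with a first-match-only replace a value like `a'b'c` still closes the literal, so it deserves a unit test or at least a check against text_t. Doubling the single quote is the right escape for a SQLite string literal (SQLite has no backslash escapes), but it only protects values embedded inside `'...'` — it cannot make an identifier or a numeric position safe, and every future call site must remember to wrap its argument, which is how the unescaped `+ key +` forms this commit fixes got there in the first place. Since sqlexec/sqlgetarray are outside the hunk I cannot tell whether they could take bound parameters, but routing these statements through sqlite3_prepare_v2 + sqlite3_bind_text would remove the escaping obligation entirely. At minimum, document the contract above the helper: `// Escape a value for use inside a single-quoted SQL literal: every ' becomes ''. Only for quoted values, never for identifiers or unquoted numbers.`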