mirror of
https://github.com/Relintai/pandemonium_engine.git
synced 2024-12-24 12:47:12 +01:00
Make sure escape is used in SQLite3QueryBuilder wherever it's expected.
This commit is contained in:
parent
a50fc20607
commit
3d63a84be9
@ -56,7 +56,7 @@ QueryBuilder *SQLite3QueryBuilder::cstr() {
|
||||
}
|
||||
|
||||
QueryBuilder *SQLite3QueryBuilder::like(const String &str) {
|
||||
if (str == "") {
|
||||
if (str.empty()) {
|
||||
query_result += "LIKE ";
|
||||
} else {
|
||||
nlike(escape(str));
|
||||
@ -152,14 +152,14 @@ QueryBuilder *SQLite3QueryBuilder::nval(const String ¶m) {
|
||||
|
||||
QueryBuilder *SQLite3QueryBuilder::vals(const String ¶m) {
|
||||
query_result += "'";
|
||||
query_result += param;
|
||||
query_result += escape(param);
|
||||
query_result += "', ";
|
||||
|
||||
return this;
|
||||
}
|
||||
QueryBuilder *SQLite3QueryBuilder::vals(const char *param) {
|
||||
query_result += "'";
|
||||
query_result += String(param);
|
||||
query_result += escape(String(param));
|
||||
query_result += "', ";
|
||||
|
||||
return this;
|
||||
@ -223,7 +223,7 @@ QueryBuilder *SQLite3QueryBuilder::nsetp(const String &col, const String ¶m)
|
||||
QueryBuilder *SQLite3QueryBuilder::setps(const String &col, const char *param) {
|
||||
query_result += col;
|
||||
query_result += "='";
|
||||
query_result += String(param);
|
||||
query_result += escape(String(param));
|
||||
query_result += "', ";
|
||||
|
||||
return this;
|
||||
@ -275,7 +275,7 @@ QueryBuilder *SQLite3QueryBuilder::nwp(const String &col, const String ¶m) {
|
||||
QueryBuilder *SQLite3QueryBuilder::wps(const String &col, const char *param) {
|
||||
query_result += col;
|
||||
query_result += "='";
|
||||
query_result += String(param);
|
||||
query_result += escape(String(param));
|
||||
query_result += "' ";
|
||||
|
||||
return this;
|
||||
@ -334,11 +334,7 @@ QueryBuilder *SQLite3QueryBuilder::wildcard() {
|
||||
}
|
||||
|
||||
String SQLite3QueryBuilder::escape(const String ¶ms) {
|
||||
if (!_connection.is_valid()) {
|
||||
printf("SQLite3QueryBuilder::escape !db!\n");
|
||||
|
||||
return "";
|
||||
}
|
||||
ERR_FAIL_COND_V(!_connection.is_valid(), String());
|
||||
|
||||
return _connection->escape(params);
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user