mirror of
https://github.com/Relintai/pandemonium_engine.git
synced 2024-12-25 13:17:22 +01:00
Make sure escape is used in SQLite3QueryBuilder wherever it's expected.
parent
a50fc20607
commit
3d63a84be9
@ -56,7 +56,7 @@ QueryBuilder *SQLite3QueryBuilder::cstr() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
QueryBuilder *SQLite3QueryBuilder::like(const String &str) {
|
QueryBuilder *SQLite3QueryBuilder::like(const String &str) {
|
||||||
if (str == "") {
|
if (str.empty()) {
|
||||||
query_result += "LIKE ";
|
query_result += "LIKE ";
|
||||||
} else {
|
} else {
|
||||||
nlike(escape(str));
|
nlike(escape(str));
|
||||||
@ -152,14 +152,14 @@ QueryBuilder *SQLite3QueryBuilder::nval(const String ¶m) {
|
|||||||
|
|
||||||
QueryBuilder *SQLite3QueryBuilder::vals(const String ¶m) {
|
QueryBuilder *SQLite3QueryBuilder::vals(const String ¶m) {
|
||||||
query_result += "'";
|
query_result += "'";
|
||||||
query_result += param;
|
query_result += escape(param);
|
||||||
query_result += "', ";
|
query_result += "', ";
|
||||||
|
|
||||||
return this;
|
return this;
|
||||||
}
|
}
|
||||||
QueryBuilder *SQLite3QueryBuilder::vals(const char *param) {
|
QueryBuilder *SQLite3QueryBuilder::vals(const char *param) {
|
||||||
query_result += "'";
|
query_result += "'";
|
||||||
query_result += String(param);
|
query_result += escape(String(param));
|
||||||
query_result += "', ";
|
query_result += "', ";
|
||||||
|
|
||||||
return this;
|
return this;
|
||||||
@ -223,7 +223,7 @@ QueryBuilder *SQLite3QueryBuilder::nsetp(const String &col, const String ¶m)
|
|||||||
QueryBuilder *SQLite3QueryBuilder::setps(const String &col, const char *param) {
|
QueryBuilder *SQLite3QueryBuilder::setps(const String &col, const char *param) {
|
||||||
query_result += col;
|
query_result += col;
|
||||||
query_result += "='";
|
query_result += "='";
|
||||||
query_result += String(param);
|
query_result += escape(String(param));
|
||||||
query_result += "', ";
|
query_result += "', ";
|
||||||
|
|
||||||
return this;
|
return this;
|
||||||
@ -275,7 +275,7 @@ QueryBuilder *SQLite3QueryBuilder::nwp(const String &col, const String ¶m) {
|
|||||||
QueryBuilder *SQLite3QueryBuilder::wps(const String &col, const char *param) {
|
QueryBuilder *SQLite3QueryBuilder::wps(const String &col, const char *param) {
|
||||||
query_result += col;
|
query_result += col;
|
||||||
query_result += "='";
|
query_result += "='";
|
||||||
query_result += String(param);
|
query_result += escape(String(param));
|
||||||
query_result += "' ";
|
query_result += "' ";
|
||||||
|
|
||||||
return this;
|
return this;
|
||||||
@ -334,11 +334,7 @@ QueryBuilder *SQLite3QueryBuilder::wildcard() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
String SQLite3QueryBuilder::escape(const String ¶ms) {
|
String SQLite3QueryBuilder::escape(const String ¶ms) {
|
||||||
if (!_connection.is_valid()) {
|
ERR_FAIL_COND_V(!_connection.is_valid(), String());
|
||||||
printf("SQLite3QueryBuilder::escape !db!\n");
|
|
||||||
|
|
||||||
return "";
|
|
||||||
}
|
|
||||||
|
|
||||||
return _connection->escape(params);
|
return _connection->escape(params);
|
||||||
}
|
}
|
||||||
|
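Review bot: In escape(), the new `ERR_FAIL_COND_V(!_connection.is_valid(), String());` still returns an empty String on failure, so vals(), setps() and wps() go on to append `''` and the caller cannot tell a failed escape from an escaped empty input; in wps() that leaves a `col=''` comparison in the built query text instead of stopping it. I would at least document this on escape(), e.g. `// Returns an empty String when there is no valid connection; callers cannot distinguish this from an empty input.`, and preferably have the builder refuse to hand out a query once escaping has failed. Separately, setps() and wps() still append `col` verbatim, so escaping the value does not cover the identifier; a comment such as `// col is emitted unescaped and must be a trusted column name, never request data` would make that contract explicit. The bodies of setps() and wps() end outside the visible hunks, so any handling after `return this;` is not shown here.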