[mythtv] escaping strings in sql queries

Jost Schenck jost.schenck at gmx.de
Tue Dec 23 07:26:10 EST 2003


On Monday, 22 December 2003 10:56, Philippe C.Cattin wrote:
> I did exactly this for mythbrowser last night.
> I was working on the very same problem for mythbrowser last night. I
> implemented a mythbrowser specific solution, although I prefer a global
> function to do it.
>
> What I found out so far is that the single quote ', the % and _ need to
> be escaped (the double quote " seems to work fine without escaping).

So, if you'd like to use it in mythbrowser, too, maybe the attached escapeString 
function in util.* is helpful. I am not sure which things need to be escaped 
for an SQL query; the method in the patch should escape \"%_'.
This is not tested, but taken from tested (and GPLed) kdevelop code; only the 
escaped characters are changed. When I have time these days I'll try to apply 
this function in all places where it makes sense, test it and provide another 
(trivial) patch.
-Jost.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: util.cpp.patch
Type: text/x-diff
Size: 685 bytes
Desc: not available
Url : http://mythtv.org/pipermail/mythtv-dev/attachments/20031223/01879642/util.cpp.bin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: util.h.patch
Type: text/x-diff
Size: 553 bytes
Desc: not available
Url : http://mythtv.org/pipermail/mythtv-dev/attachments/20031223/01879642/util.h.bin
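
Added example, not part of the original message and not the code from the scrubbed util.cpp patch: the five characters named above belong to two different escaping layers, and this sketch keeps them apart. It assumes MySQL with default settings (backslash is the escape character in string literals and in LIKE patterns); all function names are hypothetical.

```cpp
#include <string>

// Added illustration; names are hypothetical and this is not the code from
// the scrubbed util.cpp patch. Assumes MySQL with default settings, where
// backslash is the escape character both in string literals and in LIKE.

// Prefix every character of `in` that occurs in `special` with a backslash.
static std::string backslash_escape(const std::string &in,
                                    const std::string &special)
{
    std::string out;
    out.reserve(in.size() * 2);
    for (char c : in) {
        if (special.find(c) != std::string::npos)
            out.push_back('\\');
        out.push_back(c);
    }
    return out;
}

// Layer 1: make user text safe inside a quoted SQL string literal.
std::string escape_literal(const std::string &in)
{
    return backslash_escape(in, "\\'\"");
}

// Layer 2: neutralise LIKE wildcards so the text matches only itself.
std::string escape_like(const std::string &in)
{
    return backslash_escape(in, "\\%_");
}

// Value compared with '=': only the literal layer applies.
std::string where_equals(const std::string &column, const std::string &value)
{
    return column + " = '" + escape_literal(value) + "'";
}

// Substring search: LIKE layer first, then the literal layer around it.
std::string where_contains(const std::string &column, const std::string &text)
{
    return column + " LIKE '%" + escape_literal(escape_like(text)) + "%'";
}
```

Escaping % and _ in a value that is compared with '=' would store or match stray backslashes, which is why the two layers are separate functions. Bound parameters (for example Qt's QSqlQuery::prepare and bindValue) replace the literal layer entirely, but the LIKE layer is still needed for wildcard characters in user text.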