# HG changeset patch
# User fabien
# Date 1075873617 18000
# Node ID a678f3ef86e099186e0f083892a87ad3492f0b1f
# Parent 02c10487e5a0bb213a7d94ec29a1bd0ae69194e6
[svn] Add SQL quoting for path name.
diff -r 02c10487e5a0 -r a678f3ef86e0 immsview
--- a/immsview Tue Feb 03 16:50:28 2004 -0500
+++ b/immsview Wed Feb 04 00:46:57 2004 -0500
@@ -20,9 +20,12 @@
 # Free Software Foundation, Inc., 59 Temple Place - Suite 330,
 # Boston, MA 02111-1307, USA.
-_immsview_version = "$Id: immsview 1695 2004-02-03 21:50:28Z fabien $"
+_immsview_version = "$Id: immsview 1696 2004-02-04 05:46:57Z fabien $"
 # $Log$
+# Revision 1.15 2004/02/04 05:46:57 fabien
+# Add SQL quoting for path name.
+#
 # Revision 1.14 2004/02/03 21:50:28 fabien
 # Update also on double click.
 #
@@ -142,6 +145,9 @@
 else:
 self.set_playlist_pos(idx)
+def quote_sql(str):
+ return str.replace("'", "''")
+
 class IMMSDb:
 _dbname = os.environ['HOME'] + '/.imms/imms.db'
 # _dbname = os.environ['HOME'] + '/.imms/imms.backup.db'
@@ -168,9 +174,8 @@
 return cu.fetchone()
 def get_uid_by_path(self, path):
 cu = self.cx.cursor()
- cu.execute('''SELECT Library.uid
- FROM Library
- WHERE Library.path = '%s';''' % (path))
+ cu.execute("""SELECT Library.uid FROM Library
+ WHERE Library.path = '%s';""" % quote_sql(path))
 return cu.fetchall()
 def get_ratings_and_info(self, uids = None):
 print time.ctime(time.time()) + ": querying"
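Review bot: The new `quote_sql` helper names its parameter `str`, which shadows the builtin inside the function, and nothing records the narrow context in which its output is safe. Renaming it, e.g. `def quote_sql(text):` with `return text.replace("'", "''")`, avoids the shadowing. A short docstring should say that it only doubles single quotes for a value placed between `'...'` in a statement, and that it gives no protection for identifiers, unquoted numeric positions or LIKE wildcards. Without that caveat the helper invites reuse in places where quote doubling is not enough.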
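Review bot: The statement in `get_uid_by_path` is still built with `%` string formatting, so its safety depends entirely on `quote_sql` matching the database's string-literal rules; binding the path as a parameter would remove that dependency. If the driver behind `self.cx` supports DB-API parameter binding, this becomes `cu.execute("SELECT Library.uid FROM Library WHERE Library.path = ?;", (path,))`, with the placeholder adjusted to that module's `paramstyle`. The other `IMMSDb` queries are not visible in this hunk, so it is worth checking whether they interpolate values the same way. `get_ratings_and_info` starts at the end of the hunk and its body continues outside it.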