[svn] Add SQL quoting for path name.
--- a/immsview Tue Feb 03 16:50:28 2004 -0500
+++ b/immsview Wed Feb 04 00:46:57 2004 -0500
@@ -20,9 +20,12 @@
# Free Software Foundation, Inc., 59 Temple Place - Suite 330,
# Boston, MA 02111-1307, USA.
-_immsview_version = "$Id: immsview 1695 2004-02-03 21:50:28Z fabien $"
+_immsview_version = "$Id: immsview 1696 2004-02-04 05:46:57Z fabien $"
# $Log$
+# Revision 1.15 2004/02/04 05:46:57 fabien
+# Add SQL quoting for path name.
+#
# Revision 1.14 2004/02/03 21:50:28 fabien
# Update also on double click.
#
@@ -142,6 +145,9 @@
else:
self.set_playlist_pos(idx)
+def quote_sql(str):
+ return str.replace("'", "''")
+
class IMMSDb:
_dbname = os.environ['HOME'] + '/.imms/imms.db'
# _dbname = os.environ['HOME'] + '/.imms/imms.backup.db'
@@ -168,9 +174,8 @@
return cu.fetchone()
def get_uid_by_path(self, path):
cu = self.cx.cursor()
- cu.execute('''SELECT Library.uid
- FROM Library
- WHERE Library.path = '%s';''' % (path))
+ cu.execute("""SELECT Library.uid FROM Library
+ WHERE Library.path = '%s';""" % quote_sql(path))
return cu.fetchall()
def get_ratings_and_info(self, uids = None):
print time.ctime(time.time()) + ": querying"