diff -r 08b3855f5e48 -r 800be3836f3b lib/my_db.py --- a/lib/my_db.py Wed Sep 24 16:43:39 2003 -0400 +++ b/lib/my_db.py Wed Sep 24 16:44:09 2003 -0400 @@ -4,6 +4,9 @@ import config from bkmark import Bookmark +def sql_quote(str): + return pgdb._quote(str) + class MyDbConnexion: def __init__(self): self.cnx = pgdb.connect(database = config.database, @@ -14,11 +17,12 @@ id = self.get_next_id('bookmarks') self.crs.execute(""" INSERT INTO bookmarks(id, url, name, ldesc, added) - VALUES (%d, '%s', '%s', '%s', '%s'); + VALUES (%d, %s, %s, %s, %s); INSERT INTO bookmarks_keywords(bookmark, keyword) VALUES (%d, %d); - """ % (id, bk.url, bk.name, bk.desc, bk.added, - id, 0)) + """ % (id, sql_quote(bk.url), + sql_quote(bk.name), sql_quote(bk.desc), + sql_quote(bk.added), id, 0)) self.cnx.commit() return id def get_bookmarks(self, ids): @@ -45,10 +49,12 @@ def update_bookmark(self, bk): self.crs.execute(""" UPDATE bookmarks - SET url = '%s', name = '%s', - ldesc = '%s', added = '%s' + SET url = %s, name = %s, + ldesc = %s, added = %s WHERE id = %d; - """ % (bk.url, bk.name, bk.desc, bk.added, bk.id)) + """ % (bk.url, sql_quote(bk.name), + sql_quote(bk.desc), + sql_quote(bk.added), bk.id)) self.cnx.commit() def update_keywords(self, id, keywords): self.crs.execute(""" @@ -74,8 +80,8 @@ id = self.get_next_id('keywords') self.crs.execute(""" INSERT INTO keywords(id, name) - VALUES (%d, '%s'); - """ % (id, name)) + VALUES (%d, %s); + """ % (id, sql_quote(name))) self.cnx.commit() return id def get_keyword(self, id): @@ -95,9 +101,9 @@ def update_keyword(self, id, name): self.crs.execute(""" UPDATE keywords - SET name = '%s' + SET name = %s WHERE id = %d; - """ % (name, id)) + """ % (sql_quote(name), id)) self.cnx.commit() def remove_keyword(self, id): if id == 0: 
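Review bot: The new `sql_quote` helper in the first hunk depends on `pgdb._quote`, an underscore-private function of the driver, and its parameter name shadows the builtin `str`. A one-line docstring such as `"""Return value as a quoted SQL literal, using the driver's own quoting."""` and a neutral parameter name (`value`) would make the contract explicit. Every statement is still assembled with `%` before `execute` sees it, so safety rests on each call site remembering the wrapper. Passing the values as the second argument of `self.crs.execute(...)` would move that job into the driver, assuming the installed pgdb supports DB-API parameter binding. The same applies to the INSERT and UPDATE call sites in the later hunks.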
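Review bot: In the `update_bookmark` hunk the argument tuple still passes `bk.url` raw, although the quotes around `url = %s` were removed from the statement. The URL therefore reaches the SQL text unquoted, which breaks the UPDATE for ordinary URLs and leaves this one field open to SQL injection. Every other string field in this commit goes through `sql_quote`. The first line of the tuple should read `""" % (sql_quote(bk.url), sql_quote(bk.name),`, matching the INSERT in the previous hunk.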
@@ -142,7 +148,7 @@ self.crs.execute(""" SELECT nextid FROM db_sequence WHERE db_sequence.seq_name = '%s' FOR UPDATE; - """ % (seq_name)) + """ % (seq_name,)) id = self.crs.fetchone()[0] self.crs.execute(""" UPDATE db_sequence SET nextid = %d
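Review bot: The sequence lookup still splices `seq_name` into `'%s'` by hand, unlike the statements this commit moved to `sql_quote`. The callers visible in this diff pass the literals `'bookmarks'` and `'keywords'`, so this is a consistency point rather than a demonstrated hole. Writing `WHERE db_sequence.seq_name = %s FOR UPDATE;` with `""" % (sql_quote(seq_name),))` would keep the helper safe if a caller ever passes a derived name. The enclosing function starts and ends outside the hunk.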