--- a/lib/my_db.py Wed Sep 24 16:43:39 2003 -0400
+++ b/lib/my_db.py Wed Sep 24 16:44:09 2003 -0400
@@ -4,6 +4,9 @@
import config
from bkmark import Bookmark
+def sql_quote(str):
+ return pgdb._quote(str)
+
class MyDbConnexion:
def __init__(self):
self.cnx = pgdb.connect(database = config.database,
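Review bot: `sql_quote` depends on `pgdb._quote`, an underscore-prefixed helper that the driver does not promise to keep stable, and its parameter `str` shadows the builtin. The later hunks (add_bookmark, update_bookmark, add_keyword, update_keyword) still build the statement with `%` before `execute` sees it, so every future query has to remember to call the helper by hand. Passing the values as the second argument, e.g. `self.crs.execute("UPDATE keywords SET name = %s WHERE id = %s;", (name, id))`, lets the DB-API driver do the quoting; confirm the placeholder style this pgdb version expects. If the helper stays, rename the parameter to `value` and give it a one-line docstring saying it returns a quoted SQL literal.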
@@ -14,11 +17,12 @@
id = self.get_next_id('bookmarks')
self.crs.execute("""
INSERT INTO bookmarks(id, url, name, ldesc, added)
- VALUES (%d, '%s', '%s', '%s', '%s');
+ VALUES (%d, %s, %s, %s, %s);
INSERT INTO bookmarks_keywords(bookmark, keyword)
VALUES (%d, %d);
- """ % (id, bk.url, bk.name, bk.desc, bk.added,
- id, 0))
+ """ % (id, sql_quote(bk.url),
+ sql_quote(bk.name), sql_quote(bk.desc),
+ sql_quote(bk.added), id, 0))
self.cnx.commit()
return id
def get_bookmarks(self, ids):
@@ -45,10 +49,12 @@
def update_bookmark(self, bk):
self.crs.execute("""
UPDATE bookmarks
- SET url = '%s', name = '%s',
- ldesc = '%s', added = '%s'
+ SET url = %s, name = %s,
+ ldesc = %s, added = %s
WHERE id = %d;
- """ % (bk.url, bk.name, bk.desc, bk.added, bk.id))
+ """ % (bk.url, sql_quote(bk.name),
+ sql_quote(bk.desc),
+ sql_quote(bk.added), bk.id))
self.cnx.commit()
def update_keywords(self, id, keywords):
self.crs.execute("""
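Review bot: `bk.url` is the one value in update_bookmark that is not passed through `sql_quote`, although this hunk removes the quotes around its placeholder (`url = %s`). The URL is now interpolated as bare text, so an update produces invalid SQL at best and lets the URL content be parsed as SQL at worst. The tuple should start `""" % (sql_quote(bk.url), sql_quote(bk.name),`, matching what the add_bookmark hunk does.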
@@ -74,8 +80,8 @@
id = self.get_next_id('keywords')
self.crs.execute("""
INSERT INTO keywords(id, name)
- VALUES (%d, '%s');
- """ % (id, name))
+ VALUES (%d, %s);
+ """ % (id, sql_quote(name)))
self.cnx.commit()
return id
def get_keyword(self, id):
@@ -95,9 +101,9 @@
def update_keyword(self, id, name):
self.crs.execute("""
UPDATE keywords
- SET name = '%s'
+ SET name = %s
WHERE id = %d;
- """ % (name, id))
+ """ % (sql_quote(name), id))
self.cnx.commit()
def remove_keyword(self, id):
if id == 0:
@@ -142,7 +148,7 @@
self.crs.execute("""
SELECT nextid FROM db_sequence WHERE
db_sequence.seq_name = '%s' FOR UPDATE;
- """ % (seq_name))
+ """ % (seq_name,))
id = self.crs.fetchone()[0]
self.crs.execute("""
UPDATE db_sequence SET nextid = %d
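Review bot: `seq_name` is still formatted straight into `'%s'` in this query, the only string value touched by the commit that is left unquoted. The calls visible in the other hunks pass the literals 'bookmarks' and 'keywords', so this looks safe today, but it breaks as soon as a caller passes a name containing a quote. For consistency, change the placeholder to `db_sequence.seq_name = %s FOR UPDATE;` and the argument to `% (sql_quote(seq_name),)`. The enclosing function starts and ends outside this hunk.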