Skip to content

Commit

Permalink
GSvar: correctly escape test data in SQL
Browse files Browse the repository at this point in the history
  • Loading branch information
@ubuntolog
ubuntolog committed Dec 11, 2023
1 parent e805665 commit c659570
Show file tree
Hide file tree
Showing 2 changed files with 6 additions and 10 deletions.
14 changes: 5 additions & 9 deletions src/cppNGSD/NGSD.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8924,7 +8924,7 @@ QString NGSD::escapeText(QString text)
return db_->driver()->formatValue(f);
}

void NGSD::exportTable(const QString& table, QTextStream& out, QString where_clause, QMap<QString, QSet<int>> *sql_history) const
void NGSD::exportTable(const QString& table, QTextStream& out, QString where_clause, QMap<QString, QSet<int>> *sql_history)
{
if (!table.isEmpty())
{
Expand Down Expand Up @@ -8963,16 +8963,12 @@ void NGSD::exportTable(const QString& table, QTextStream& out, QString where_cla
for (int i=0; i<field_count; i++)
{
QString field_value = query.value(field_names[i]).toString();
if (((field_value.isEmpty()) || (field_value=="0")) && (table_info.fieldInfo()[i].is_nullable)) field_value = "NULL";
field_value = field_value.replace("'", "\\'");
field_value = field_value.replace("\"", "\\\"");
field_value = field_value.replace("\r", "\\r");
field_value = field_value.replace("\n", "\\n");
values.append(field_value);
if (((field_value.isEmpty()) || (field_value=="0")) && (table_info.fieldInfo()[i].is_nullable)) field_value = "NULL";
values.append(escapeText(field_value));
}

QString insert_query = "('" + values.join("', '") + "')";
insert_query = insert_query.replace("'NULL'", "NULL");
QString insert_query = "(" + values.join(", ") + ")";
insert_query = insert_query.replace("'NULL'", "NULL");
out << insert_query;

if (row_count>=1000)
Expand Down
2 changes: 1 addition & 1 deletion src/cppNGSD/NGSD.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -675,7 +675,7 @@ Q_OBJECT
QString escapeText(QString text);

///Creates a SQL dump for a given table. sql_history is a hash table that keeps track of already exported records: table name > exported IDs set.
void exportTable(const QString& table, QTextStream& out, QString where_clause = "", QMap<QString, QSet<int>> *sql_history = nullptr) const;
void exportTable(const QString& table, QTextStream& out, QString where_clause = "", QMap<QString, QSet<int>> *sql_history = nullptr);

///Creates a DBTable with data from an SQL query.
DBTable createTable(QString table, QString query, int pk_col_index=0);
Expand Down

0 comments on commit c659570

Please sign in to comment.