From kde-commits  Sun Jun 29 19:07:03 2003
From: Lucijan Busch <lucijan () gmx ! at>
Date: Sun, 29 Jun 2003 19:07:03 +0000
To: kde-commits
Subject: koffice/kexi/kexiDB/drivers/mySQL
X-MARC-Message: https://marc.info/?l=kde-commits&m=105691363009179

CVS commit by lucijan: 

escape values before inserting/updating them


  M +1 -0      mysqldb.cpp   1.64
  M +11 -11    mysqlrecord.cpp   1.37


--- koffice/kexi/kexiDB/drivers/mySQL/mysqldb.cpp  #1.63:1.64
@@ -353,4 +353,5 @@ QString
 MySqlDB::escape(const QString &str)
 {
+//      QCString val(encode(str));
         char* escaped = (char*) malloc(str.length() * 2 + 2);
         mysql_real_escape_string(m_mysql, escaped, str.local8Bit(), str.length());

--- koffice/kexi/kexiDB/drivers/mySQL/mysqlrecord.cpp  #1.36:1.37
@@ -101,5 +101,5 @@ MySqlRecord::writeOut(KexiDBUpdateRecord
 
                         fieldList+=tmpField;
-                        valueList+="\""+tmpValue.asString()+"\"";
+                        valueList+="\""+m_db->escape(tmpValue.asString())+"\"";
                 }
                 if (!fieldList.isEmpty())
@@ -135,5 +135,5 @@ MySqlRecord::writeOut(KexiDBUpdateRecord
 
                         if (!statement.isEmpty()) statement+=",";
-                        statement+=tmpField+"=\""+tmpValue.asString()+"\"";
+                        statement+=tmpField+"=\""+m_db->escape(tmpValue.asString())+"\"";
                 }