Changeset 63b2343


Timestamp:
06/22/11 22:57:28 (10 years ago)
Author:
Philipp Spitzer <philipp@…>
Branches:
master, qt5
Children:
bad5e8a
Parents:
865aab6
Message:

Rooms are inserted now for additionally imported conferences.

File:
1 edited

  • src/sql/sqlengine.cpp

    r865aab6 r63b2343  
    211211    QSqlDatabase db = QSqlDatabase::database();
    212212
    213     //TODO: check if the person doesn't exist before inserting
    214213    if (db.isValid() && db.isOpen())
    215214    {
     215        // TODO: SQL Injection!!!
    216216        QString values = QString("'%1', '%2', '%3'").arg(aPerson["conference_id"],aPerson["id"],aPerson["name"]);
    217217        QString query = QString("INSERT INTO PERSON (xid_conference,id,name) VALUES (%1)").arg(values);
     
    219219        //LOG_AUTOTEST(query);
    220220
     221        // TODO: SQL Injection!!!
    221222        values = QString("'%1', '%2', '%3'").arg(aPerson["conference_id"],aPerson["event_id"],aPerson["id"]);
    222223        query = QString("INSERT INTO EVENT_PERSON (xid_conference,xid_event,xid_person) VALUES (%1)").arg(values);
     
    232233    if (db.isValid() && db.isOpen())
    233234    {
    234         QString queryExist = QString("SELECT id FROM ROOM WHERE name='%1'").arg(aRoom["name"]);
    235         QSqlQuery resultExist(queryExist,db);
     235        QSqlQuery query(db);
     236        query.prepare("SELECT id FROM ROOM WHERE xid_conference=:conference_id and name=:name");
     237        query.bindValue(":conference_id", aRoom["conference_id"]);
     238        query.bindValue(":name", aRoom["name"]);
     239        if (!query.exec()) qDebug() << "Could not execute select room query: " << query.lastError();
    236240        // now we have to check whether ROOM record with 'name' exists or not,
    237241        // - if it doesn't exist yet, then we have to add that record to 'ROOM' table
     
    239243        // - if it exists, then we need to get its 'id' and assign it to aRoom
    240244        int roomId = -1;
    241         if(resultExist.next()) // ROOM record with 'name' already exists: we need to get its 'id'
    242         {
    243             roomId = resultExist.value(0).toInt();
     245        if(query.next()) // ROOM record with 'name' already exists: we need to get its 'id'
     246        {
     247            roomId = query.value(0).toInt();
    244248        }
    245249        else // ROOM record doesn't exist yet, need to create it
    246250        {
     251            // TODO: SQL Injection!!!
    247252            QString values = QString("'%1', '%2', '%3'").arg(aRoom["conference_id"],aRoom["name"],aRoom["picture"]);
    248253            QString query = QString("INSERT INTO ROOM (xid_conference,name,picture) VALUES (%1)").arg(values);
     
    251256            //LOG_AUTOTEST(query);
    252257        }
    253 
    254         QString values = QString("'%1', '%2', '%3'").arg(aRoom["conference_id"],aRoom["event_id"],QString::number(roomId));
    255         QString query = QString("INSERT INTO EVENT_ROOM (xid_conference,xid_event,xid_room) VALUES (%1)").arg(values);
    256         QSqlQuery result (query, db);
     258        query = QSqlQuery(db);
     259        query.prepare("INSERT INTO EVENT_ROOM (xid_conference,xid_event,xid_room) VALUES (:conference_id, :event_id, :roomId)");
     260        query.bindValue(":conference_id", aRoom["conference_id"]);
     261        query.bindValue(":event_id", aRoom["event_id"]);
     262        query.bindValue(":roomId", roomId);
     263        if (!query.exec()) qDebug() << "Could not execute insert into event_room query:" << query.lastError();
    257264        //LOG_AUTOTEST(query);
    258265    }
     
    266273    if (db.isValid() && db.isOpen())
    267274    {
     275        // TODO: SQL Injection!!!
    268276        QString values = QString("'%1', '%2', '%3', '%4'").arg(aLink["event_id"],aLink["conference_id"],aLink["name"],aLink["url"]);
    269277        QString query = QString("INSERT INTO LINK (xid_event, xid_conference, name, url) VALUES (%1)").arg(values);
     
    282290
    283291    // DROP
    284     execQuery( db, "DROP TABLE IF EXISTS SEARCH_EVENT;");
     292    execQuery( db, "DROP TABLE IF EXISTS SEARCH_EVENT");
    285293    // CREATE
    286     execQuery( db, "CREATE TEMP TABLE SEARCH_EVENT ( xid_conference INTEGER  NOT NULL, id INTEGER NOT NULL );");
     294    execQuery( db, "CREATE TEMP TABLE SEARCH_EVENT ( xid_conference INTEGER  NOT NULL, id INTEGER NOT NULL )");
    287295    // INSERT
    288296    QString query = QString("INSERT INTO SEARCH_EVENT ( xid_conference, id ) "
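Review bot: A failed SELECT at new line 239 is only logged, after which `query.next()` returns false and control falls into the else branch that inserts a fresh ROOM row, so a transient database error now produces a duplicate room rather than an aborted import. Return from the function when exec() fails, `if (!query.exec()) { qDebug() << "Could not execute select room query: " << query.lastError(); return; }`, adjusting the return to the enclosing function's type, since its signature and tail are outside the hunk. The `QString query` declared inside the else branch (new line 253) shadows the outer `QSqlQuery query` from line 235, which is legal but easy to misread now that both are live in one function; a distinct name such as `insertQuery` avoids that. The ROOM insert in that branch, and the PERSON, EVENT_PERSON and LINK inserts in the other hunks, still interpolate aRoom/aPerson/aLink values into the SQL text; using the same prepare()/bindValue() pattern the commit introduces for EVENT_ROOM would close the gaps the new "TODO: SQL Injection!!!" markers point at. I cannot see whether roomId is set from the newly inserted ROOM row (new lines 254–255 are outside the hunk); if it is not, the EVENT_ROOM insert binds -1 for every newly created room.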