Changeset 63b2343 for src/sql/sqlengine.cpp
- Timestamp:
- 06/22/11 22:57:28 (12 years ago)
- Branches:
- master, qt5
- Children:
- bad5e8a
- Parents:
- 865aab6
- File:
-
- 1 edited
src/sql/sqlengine.cpp
r865aab6 r63b2343 211 211 QSqlDatabase db = QSqlDatabase::database(); 212 212 213 //TODO: check if the person doesn't exist before inserting214 213 if (db.isValid() && db.isOpen()) 215 214 { 215 // TODO: SQL Injection!!! 216 216 QString values = QString("'%1', '%2', '%3'").arg(aPerson["conference_id"],aPerson["id"],aPerson["name"]); 217 217 QString query = QString("INSERT INTO PERSON (xid_conference,id,name) VALUES (%1)").arg(values); … … 219 219 //LOG_AUTOTEST(query); 220 220 221 // TODO: SQL Injection!!! 221 222 values = QString("'%1', '%2', '%3'").arg(aPerson["conference_id"],aPerson["event_id"],aPerson["id"]); 222 223 query = QString("INSERT INTO EVENT_PERSON (xid_conference,xid_event,xid_person) VALUES (%1)").arg(values); … … 232 233 if (db.isValid() && db.isOpen()) 233 234 { 234 QString queryExist = QString("SELECT id FROM ROOM WHERE name='%1'").arg(aRoom["name"]); 235 QSqlQuery resultExist(queryExist,db); 235 QSqlQuery query(db); 236 query.prepare("SELECT id FROM ROOM WHERE xid_conference=:conference_id and name=:name"); 237 query.bindValue(":conference_id", aRoom["conference_id"]); 238 query.bindValue(":name", aRoom["name"]); 239 if (!query.exec()) qDebug() << "Could not execute select room query: " << query.lastError(); 236 240 // now we have to check whether ROOM record with 'name' exists or not, 237 241 // - if it doesn't exist yet, then we have to add that record to 'ROOM' table … … 239 243 // - if it exists, then we need to get its 'id' and assign it to aRoom 240 244 int roomId = -1; 241 if( resultExist.next()) // ROOM record with 'name' already exists: we need to get its 'id'242 { 243 roomId = resultExist.value(0).toInt();245 if(query.next()) // ROOM record with 'name' already exists: we need to get its 'id' 246 { 247 roomId = query.value(0).toInt(); 244 248 } 245 249 else // ROOM record doesn't exist yet, need to create it 246 250 { 251 // TODO: SQL Injection!!! 
247 252 QString values = QString("'%1', '%2', '%3'").arg(aRoom["conference_id"],aRoom["name"],aRoom["picture"]); 248 253 QString query = QString("INSERT INTO ROOM (xid_conference,name,picture) VALUES (%1)").arg(values); … … 251 256 //LOG_AUTOTEST(query); 252 257 } 253 254 QString values = QString("'%1', '%2', '%3'").arg(aRoom["conference_id"],aRoom["event_id"],QString::number(roomId)); 255 QString query = QString("INSERT INTO EVENT_ROOM (xid_conference,xid_event,xid_room) VALUES (%1)").arg(values); 256 QSqlQuery result (query, db); 258 query = QSqlQuery(db); 259 query.prepare("INSERT INTO EVENT_ROOM (xid_conference,xid_event,xid_room) VALUES (:conference_id, :event_id, :roomId)"); 260 query.bindValue(":conference_id", aRoom["conference_id"]); 261 query.bindValue(":event_id", aRoom["event_id"]); 262 query.bindValue(":roomId", roomId); 263 if (!query.exec()) qDebug() << "Could not execute insert into event_room query:" << query.lastError(); 257 264 //LOG_AUTOTEST(query); 258 265 } … … 266 273 if (db.isValid() && db.isOpen()) 267 274 { 275 // TODO: SQL Injection!!! 268 276 QString values = QString("'%1', '%2', '%3', '%4'").arg(aLink["event_id"],aLink["conference_id"],aLink["name"],aLink["url"]); 269 277 QString query = QString("INSERT INTO LINK (xid_event, xid_conference, name, url) VALUES (%1)").arg(values); … … 282 290 283 291 // DROP 284 execQuery( db, "DROP TABLE IF EXISTS SEARCH_EVENT ;");292 execQuery( db, "DROP TABLE IF EXISTS SEARCH_EVENT"); 285 293 // CREATE 286 execQuery( db, "CREATE TEMP TABLE SEARCH_EVENT ( xid_conference INTEGER NOT NULL, id INTEGER NOT NULL ) ;");294 execQuery( db, "CREATE TEMP TABLE SEARCH_EVENT ( xid_conference INTEGER NOT NULL, id INTEGER NOT NULL )"); 287 295 // INSERT 288 296 QString query = QString("INSERT INTO SEARCH_EVENT ( xid_conference, id ) "
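Review bot: A failed SELECT in the new ROOM lookup is only logged by `if (!query.exec()) qDebug() << "Could not execute select room query: " << query.lastError();`, after which `query.next()` returns false and control drops into the "ROOM record doesn't exist yet" branch, so a transient error (locked database, lost connection) would insert a duplicate ROOM row instead of reusing the existing id; bail out on failure instead, e.g. `if (!query.exec()) { qDebug() << "Could not execute select room query: " << query.lastError(); return; }`, adjusted to whatever this function returns, since its start and end lie outside the hunk. The `QString query = QString("INSERT INTO ROOM ...")` declared inside that else branch shadows the outer `QSqlQuery query` created for the lookup; it compiles because of the inner scope, but it makes the later `query = QSqlQuery(db);` easy to misread, and renaming the inner string (`insertSql`) removes the ambiguity. The four INSERTs that remain string-built (PERSON, EVENT_PERSON, ROOM, LINK) are each tagged `// TODO: SQL Injection!!!`; the `prepare`/`bindValue` pattern introduced here for EVENT_ROOM applies to them directly, and free-text values such as `aPerson["name"]`, `aRoom["name"]` and `aLink["url"]` are the ones most likely to carry a quote that breaks the `'%1'` quoting today.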