Changeset 909ea23
- Timestamp:
- 06/23/11 08:46:31 (12 years ago)
- Branches:
- master, qt5
- Children:
- 141a5c2
- Parents:
- 06eef78
- File:
-
- 1 edited
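--- a/src/sql/sqlengine.cpp
+++ b/src/sql/sqlengine.cpp
@@ -245,16 +245,18 @@
 // and assign autoincremented 'id' to aRoom
 // - if it exists, then we need to get its 'id' and assign it to aRoom
-int roomId = -1;
+aRoom["id"] = "";
 if(query.next()) // ROOM record with 'name' already exists: we need to get its 'id'
 {
-roomId= query.value(0).toInt();
+aRoom["id"] = query.value(0).toInt();
 }
 else // ROOM record doesn't exist yet, need to create it
 {
-// TODO: SQL Injection!!!
-QString values = QString("'%1', '%2', '%3'").arg(aRoom["conference_id"],aRoom["name"],aRoom["picture"]);
-QString query = QString("INSERT INTO ROOM (xid_conference,name,picture) VALUES (%1)").arg(values);
-QSqlQuery result (query, db);
-roomId = result.lastInsertId().toInt(); // 'id' is assigned automatically
+query = QSqlQuery(db);
+query.prepare("INSERT INTO ROOM (xid_conference,name,picture) VALUES (:xid_conference, :name, :picture)");
+query.bindValue(":xid_conference", aRoom["conference_id"]);
+query.bindValue(":xid_name", aRoom["name"]);
+query.bindValue(":xid_picture", aRoom["picture"]);
+if (!query.exec()) qDebug() << "Could not execute 'insert into room ...' query." << query.lastError();
+aRoom["id"] = query.lastInsertId().toInt(); // 'id' is assigned automatically
 //LOG_AUTOTEST(query);
 }
@@ -263,6 +265,6 @@
 query.bindValue(":conference_id", aRoom["conference_id"]);
 query.bindValue(":event_id", aRoom["event_id"]);
-query.bindValue(":roomId", roomId);
-if (!query.exec()) qDebug() << "Could not execute insert into event_roomquery:" << query.lastError();
+query.bindValue(":roomId", aRoom["id"]);
+if (!query.exec()) qDebug() << "Could not 'execute insert into event_room' query:" << query.lastError();
 //LOG_AUTOTEST(query);
 }
@@ -307,8 +309,10 @@
 query += "INNER JOIN PERSON ON ( EVENT_PERSON.xid_person = PERSON.id ) ";
 }
+// TODO: avoid .arg
 query += QString("WHERE EVENT.xid_conference = %1 AND (").arg( aConferenceId );
 
 foreach (QString table, aColumns.uniqueKeys()){
 foreach (QString column, aColumns.values(table)){
+// TODO: SQL Injection!!!
 query += QString("%1.%2 LIKE '\%%3\%' OR ").arg( table, column, aKeyword );
 }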
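Review bot: The placeholder names bound on new lines 257–258 do not match the statement prepared on new line 255: the INSERT declares `:name` and `:picture`, but the code binds `:xid_name` and `:xid_picture`, so those two values are never bound and the exec on line 259 will fail or insert the room without them, depending on the driver. Change the two lines to `query.bindValue(":name", aRoom["name"]);` and `query.bindValue(":picture", aRoom["picture"]);`. Line 260 then assigns `aRoom["id"]` from `lastInsertId()` regardless of whether `exec()` succeeded, so the event_room insert in the second hunk can be fed an invalid id; consider assigning the id only on success and returning early otherwise. The enclosing function starts and ends outside this hunk, and the `LIKE '\%%3\%'` clause in the third hunk still interpolates `aKeyword` via `.arg`, which the added TODO acknowledges but leaves unparameterized.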