- Timestamp:
- 06/23/11 16:43:18 (12 years ago)
- Branches:
- master, qt5
- Children:
- 4be292a
- Parents:
- 5438514
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
src/sql/sqlengine.cpp
r5438514 ra55781e 293 293 return -1; 294 294 295 if (aColumns.empty()) return -1; 295 296 296 297 // DROP … … 299 300 execQuery( db, "CREATE TEMP TABLE SEARCH_EVENT ( xid_conference INTEGER NOT NULL, id INTEGER NOT NULL )"); 300 301 // INSERT 301 QString query= QString("INSERT INTO SEARCH_EVENT ( xid_conference, id ) "302 QString sql = QString("INSERT INTO SEARCH_EVENT ( xid_conference, id ) " 302 303 "SELECT EVENT.xid_conference, EVENT.id FROM EVENT "); 303 304 if( aColumns.contains("ROOM") ){ 304 query+= "INNER JOIN EVENT_ROOM ON ( EVENT.xid_conference = EVENT_ROOM.xid_conference AND EVENT.id = EVENT_ROOM.xid_event ) ";305 query+= "INNER JOIN ROOM ON ( EVENT_ROOM.xid_room = ROOM.id ) ";305 sql += "INNER JOIN EVENT_ROOM ON ( EVENT.xid_conference = EVENT_ROOM.xid_conference AND EVENT.id = EVENT_ROOM.xid_event ) "; 306 sql += "INNER JOIN ROOM ON ( EVENT_ROOM.xid_room = ROOM.id ) "; 306 307 } 307 308 if( aColumns.contains("PERSON") ){ 308 query += "INNER JOIN EVENT_PERSON ON ( EVENT.xid_conference = EVENT_PERSON.xid_conference AND EVENT.id = EVENT_PERSON.xid_event ) "; 309 query += "INNER JOIN PERSON ON ( EVENT_PERSON.xid_person = PERSON.id ) "; 310 } 311 // TODO: avoid .arg 312 query += QString("WHERE EVENT.xid_conference = %1 AND (").arg( aConferenceId ); 309 sql += "INNER JOIN EVENT_PERSON ON ( EVENT.xid_conference = EVENT_PERSON.xid_conference AND EVENT.id = EVENT_PERSON.xid_event ) "; 310 sql += "INNER JOIN PERSON ON ( EVENT_PERSON.xid_person = PERSON.id ) "; 311 } 312 sql += QString("WHERE EVENT.xid_conference = %1 AND (").arg( aConferenceId ); 313 313 314 314 foreach (QString table, aColumns.uniqueKeys()){ 315 315 foreach (QString column, aColumns.values(table)){ 316 // TODO: SQL Injection!!! 317 query += QString("%1.%2 LIKE '\%%3\%' OR ").arg( table, column, aKeyword ); 318 } 319 } 320 query.chop( QString(" OR ").length() ); 321 query += QString(");"); 322 323 execQuery( db, query ); 316 sql += QString("%1.%2 LIKE '\%' || :%1%2 || '\%' OR ").arg( table, column ); 317 } 318 } 319 sql.chop( QString(" OR ").length() ); 320 sql += QString(")"); 321 322 QSqlQuery query(db); 323 query.prepare(sql); 324 foreach (QString table, aColumns.uniqueKeys()){ 325 foreach (QString column, aColumns.values(table)){ 326 query.bindValue(QString(":%1%2").arg(table, column), aKeyword ); 327 } 328 } 329 330 if( !query.exec() ){ 331 qDebug() << "Could not execute search query: " << query.lastError().text(); 332 return -1; 333 } 324 334 325 335 return 1;
Note: See TracChangeset
for help on using the changeset viewer.