Changeset dc54e87 for src/sql/sqlengine.cpp
- Timestamp:
- 06/23/11 17:02:15 (12 years ago)
- Branches:
- master, qt5
- Children:
- 96344e7
- Parents:
- 4be292a
- File:
-
- 1 edited
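--- a/src/sql/sqlengine.cpp
+++ b/src/sql/sqlengine.cpp
@@ -278,8 +278,11 @@
 if (db.isValid() && db.isOpen())
 {
-// TODO: SQL Injection!!!
-QString values = QString("'%1', '%2', '%3', '%4'").arg(aLink["event_id"],aLink["conference_id"],aLink["name"],aLink["url"]);
-QString query = QString("INSERT INTO LINK (xid_event, xid_conference, name, url) VALUES (%1)").arg(values);
-QSqlQuery result(query, db);
+QSqlQuery query(db);
+query.prepare("INSERT INTO LINK (xid_event, xid_conference, name, url) VALUES (:xid_event, :xid_conference, :name, :url)");
+query.bindValue(":xid_event", aLink["event_id"]);
+query.bindValue(":xid_conference", aLink["conference_id"]);
+query.bindValue(":name", aLink["name"]);
+query.bindValue(":url", aLink["url"]);
+if (!query.exec()) qDebug() << "Error executing 'insert into link' query: " << query.lastError();
 //LOG_AUTOTEST(query);
 }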
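Review bot: The insert failure on new line 286 is reported only through `qDebug()`, which is compiled out when the build defines QT_NO_DEBUG_OUTPUT, and the return value of `query.prepare(...)` on new line 281 is not checked, so a failed prepare only shows up indirectly through `exec()`. I would log at warning level, `if (!query.exec()) qWarning() << "Error executing 'insert into link' query: " << query.lastError();`, and guard the prepare call the same way. Binding the values closes the injection named in the removed TODO, but `aLink["url"]` is still stored exactly as received; if the link data comes from an imported file (not visible here), the URL scheme should be checked wherever the stored link is later opened. The enclosing function starts and ends outside the hunk, so it cannot be seen from here whether the caller learns that the insert failed.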