Changeset dcefa71
- Timestamp:
- 06/23/11 17:47:43 (12 years ago)
- Branches:
- master, qt5
- Children:
- fea60c8
- Parents:
- 68b2df2
- File:
-
- 1 edited
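--- a/src/sql/sqlengine.cpp
+++ b/src/sql/sqlengine.cpp
@@ -217,15 +217,19 @@
 if (db.isValid() && db.isOpen())
 {
-// TODO: SQL Injection!!!
-QString values = QString("'%1', '%2', '%3'").arg(aPerson["conference_id"],aPerson["id"],aPerson["name"]);
-QString query = QString("INSERT INTO PERSON (xid_conference,id,name) VALUES (%1)").arg(values);
-QSqlQuery result (query, db);
-//LOG_AUTOTEST(query);
-
-// TODO: SQL Injection!!!
-values = QString("'%1', '%2', '%3'").arg(aPerson["conference_id"],aPerson["event_id"],aPerson["id"]);
-query = QString("INSERT INTO EVENT_PERSON (xid_conference,xid_event,xid_person) VALUES (%1)").arg(values);
-QSqlQuery resultEventPerson (query, db);
-//LOG_AUTOTEST(query);
+QSqlQuery query(db);
+query.prepare("INSERT INTO PERSON (xid_conference,id,name) VALUES (:xid_conference, :id, :name)");
+query.bindValue(":xid_conference", aPerson["conference_id"]);
+query.bindValue(":id", aPerson["id"]);
+query.bindValue(":name", aPerson["name"]);
+query.exec(); // some queries fail due to the unique key constraint
+// if (!query.exec()) qDebug() << "SQL query 'insert into person' failed: " << query.lastError();
+
+query = QSqlQuery(db);
+query.prepare("INSERT INTO EVENT_PERSON (xid_conference,xid_event,xid_person) VALUES (:xid_conference, :xid_event, :xid_person)");
+query.bindValue(":xid_conference", aPerson["conference_id"]);
+query.bindValue(":xid_event", aPerson["event_id"]);
+query.bindValue(":xid_person", aPerson["id"]);
+query.exec(); // some queries fail due to the unique key constraint
+// if (!query.exec()) qDebug() << "SQL query 'insert into event_person' failed: " << query.lastError();
 }
 }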
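Review bot: Both `query.exec()` calls discard their result, so every failure is swallowed, not only the unique-key collisions the trailing comment mentions; a locked database or a schema mismatch would leave PERSON or EVENT_PERSON rows missing with no trace. I would fold the commented-out diagnostic into the call itself, `if (!query.exec()) qDebug() << "SQL query 'insert into person' failed: " << query.lastError();`, rather than keep it as a second line that would run the insert twice if someone uncommented it next to the unconditional `query.exec();`. The return value of `prepare()` is unchecked in both statements as well. The bound parameters themselves close the injection path the removed TODO comments flagged. The enclosing function starts above the hunk, so where `aPerson` is populated is not visible here.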