mirror/sqlitebrowser
1
0
Fork 0
mirror of https://github.com/sqlitebrowser/sqlitebrowser.git synced 2026-01-20 11:00:44 -06:00
Code Issues Packages Projects Releases Wiki Activity

Improve escpaing support

Browse Source 
When generating SQL statements properly escape all identifiers, even
those containing backticks which apparently are allowed inside
identifiers in SQLite.

See issue #387.
This commit is contained in:
Martin Kleusberg
2015-08-17 00:17:48 +02:00
parent 160bc87d3c
commit 631979c330
13 changed files with 95 additions and 62 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
src/ColumnDisplayFormatDialog.cpp
View File

@@ -1,5 +1,6 @@
#include "ColumnDisplayFormatDialog.h"
#include "ui_ColumnDisplayFormatDialog.h"
#include "sqlitetypes.h"
ColumnDisplayFormatDialog::ColumnDisplayFormatDialog(const QString& colname, QString current_format, QWidget* parent)
: QDialog(parent),
@@ -56,21 +57,21 @@ void ColumnDisplayFormatDialog::updateSqlCode()
QString format = ui->comboDisplayFormat->itemData(ui->comboDisplayFormat->currentIndex()).toString();
#endif
if(format == "default")
ui->editDisplayFormat->setText("`" + column_name + "`");
ui->editDisplayFormat->setText(sqlb::escapeIdentifier(column_name));
else if(format == "lower")
ui->editDisplayFormat->setText("lower(`" + column_name + "`)");
ui->editDisplayFormat->setText("lower(" + sqlb::escapeIdentifier(column_name) + ")");
else if(format == "upper")
ui->editDisplayFormat->setText("upper(`" + column_name + "`)");
ui->editDisplayFormat->setText("upper(" + sqlb::escapeIdentifier(column_name) + ")");
else if(format == "epoch")
ui->editDisplayFormat->setText("datetime(`" + column_name + "`, 'unixepoch')");
ui->editDisplayFormat->setText("datetime(" + sqlb::escapeIdentifier(column_name) + ", 'unixepoch')");
else if(format == "julian")
ui->editDisplayFormat->setText("datetime(`" + column_name + "`)");
ui->editDisplayFormat->setText("datetime(" + sqlb::escapeIdentifier(column_name) + ")");
else if(format == "round")
ui->editDisplayFormat->setText("round(`" + column_name + "`)");
ui->editDisplayFormat->setText("round(" + sqlb::escapeIdentifier(column_name) + ")");
else if(format == "hex")
ui->editDisplayFormat->setText("printf('%x', `" + column_name + "`)");
ui->editDisplayFormat->setText("printf('%x', " + sqlb::escapeIdentifier(column_name) + ")");
else if(format == "octal")
ui->editDisplayFormat->setText("printf('%o', `" + column_name + "`)");
ui->editDisplayFormat->setText("printf('%o', " + sqlb::escapeIdentifier(column_name) + ")");
else if(format == "exponent")
ui->editDisplayFormat->setText("printf('%e', `" + column_name + "`)");
ui->editDisplayFormat->setText("printf('%e', " + sqlb::escapeIdentifier(column_name) + ")");
}