mirror/sqlitebrowser
1
0
Fork 0
mirror of https://github.com/sqlitebrowser/sqlitebrowser.git synced 2026-01-20 11:00:44 -06:00
Code Issues Packages Projects Releases Wiki Activity

Improve escpaing support

Browse Source 
When generating SQL statements properly escape all identifiers, even
those containing backticks which apparently are allowed inside
identifiers in SQLite.

See issue #387.
This commit is contained in:
Martin Kleusberg
2015-08-17 00:17:48 +02:00
parent 160bc87d3c
commit 631979c330
13 changed files with 95 additions and 62 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
src/sqlitetypes.cpp
View File

@@ -9,6 +9,11 @@ namespace sqlb {
QStringList Field::Datatypes = QStringList() << "INTEGER" << "TEXT" << "BLOB" << "REAL" << "NUMERIC";
QString escapeIdentifier(QString id)
{
return '`' + id.replace('`', "``") + '`';
}
bool ForeignKeyClause::isSet() const
{
return m_override.size() || m_table.size();
@@ -22,13 +27,13 @@ QString ForeignKeyClause::toString() const
if(m_override.size())
return m_override;
QString result = "`" + m_table + "`";
QString result = escapeIdentifier(m_table);
if(m_columns.size())
{
result += "(";
foreach(const QString& column, m_columns)
result += "`" + column + "`,";
result += escapeIdentifier(column) + ',';
result.chop(1); // Remove last comma
result += ")";
}
@@ -46,7 +51,7 @@ void ForeignKeyClause::setFromString(const QString& fk)
QString Field::toString(const QString& indent, const QString& sep) const
{
QString str = indent + '`' + m_name + '`' + sep + m_type;
QString str = indent + escapeIdentifier(m_name) + sep + m_type;
if(m_notnull)
str += " NOT NULL";
if(!m_defaultvalue.isEmpty())
@@ -204,7 +209,7 @@ QPair<Table, bool> Table::parseSQL(const QString &sSQL)
QString Table::sql() const
{
QString sql = QString("CREATE TABLE `%1` (\n").arg(m_name);
QString sql = QString("CREATE TABLE %1 (\n").arg(escapeIdentifier(m_name));
sql += fieldList().join(",\n");
@@ -230,7 +235,7 @@ QString Table::sql() const
foreach(FieldPtr f, m_fields)
{
if(f->foreignKey().isSet())
sql += QString(",\n\tFOREIGN KEY(`%1`) REFERENCES %2").arg(f->name()).arg(f->foreignKey().toString());
sql += QString(",\n\tFOREIGN KEY(%1) REFERENCES %2").arg(escapeIdentifier(f->name())).arg(f->foreignKey().toString());
}
sql += "\n)";