gnucash unstable: Correct quoting for SQL backends.

John Ralls jralls at
Sat Nov 25 17:47:05 EST 2017

Updated	 via (commit)
	from (commit)

commit d8c2f5244755b8162268077335c78df1449e9a48
Author: John Ralls <jralls at>
Date:   Fri Nov 24 16:53:58 2017 -0800

    Correct quoting for SQL backends.
    Only string values should be quoted in queries; in particular NULL
    isn't a string value and must not be quoted.
    Note that this is a less than perfect solution because it doesn't use
    the Database's quoting function and so doesn't escape quotes, linefeeds,
    or carriage returns inside the string. That's because the SQL generating
    logic is independent of the connection class and can't easily get to it.

Summary of changes:
 libgnucash/backend/dbi/gnc-dbisqlconnection.cpp    |  6 ++++--
 libgnucash/backend/sql/gnc-address-sql.cpp         |  2 +-
 libgnucash/backend/sql/gnc-owner-sql.cpp           |  4 ++--
 libgnucash/backend/sql/gnc-sql-backend.cpp         |  4 ++--
 .../backend/sql/gnc-sql-column-table-entry.cpp     | 13 ++++++++-----
 .../backend/sql/gnc-sql-column-table-entry.hpp     | 22 ++++++++++++++++++++++
 6 files changed, 39 insertions(+), 12 deletions(-)

More information about the gnucash-patches mailing list