gnucash unstable: Correct quoting for SQL backends.
John Ralls
jralls at code.gnucash.org
Sat Nov 25 17:47:05 EST 2017
Updated via https://github.com/Gnucash/gnucash/commit/d8c2f524 (commit)
from https://github.com/Gnucash/gnucash/commit/037c93fa (commit)
commit d8c2f5244755b8162268077335c78df1449e9a48
Author: John Ralls <jralls at ceridwen.us>
Date: Fri Nov 24 16:53:58 2017 -0800
Correct quoting for SQL backends.
Only string values should be quoted in queries; in particular NULL
isn't a string value and must not be quoted.
Note that this is a less than perfect solution because it doesn't use
the Database's quoting function and so doesn't escape quotes, linefeeds,
or carriage returns inside the string. That's because the SQL generating
logic is independent of the connection class and can't easily get to it.
Summary of changes:
libgnucash/backend/dbi/gnc-dbisqlconnection.cpp | 6 ++++--
libgnucash/backend/sql/gnc-address-sql.cpp | 2 +-
libgnucash/backend/sql/gnc-owner-sql.cpp | 4 ++--
libgnucash/backend/sql/gnc-sql-backend.cpp | 4 ++--
.../backend/sql/gnc-sql-column-table-entry.cpp | 13 ++++++++-----
.../backend/sql/gnc-sql-column-table-entry.hpp | 22 ++++++++++++++++++++++
6 files changed, 39 insertions(+), 12 deletions(-)
More information about the gnucash-patches
mailing list