[mythtv] escaping strings in sql queries
Philippe C. Cattin
cattin at vision.ee.ethz.ch
Wed Dec 24 06:16:34 EST 2003
>>I did exactly this for mythbrowser last night.
>>I was working on the very same problem for mythbrowser last night. I
>>implemented a mythbrowser specific solution, although I prefer a global
>>function to do it.
>>
>>What I found out so far is that the single quote ', the % and _ need to
>>be escaped (the double quote " seems to work fine without escaping).
>
>
> So, if you like to use it in mythbrowser, too, maybe the attached escapeString
> function in util.* is helpful. I am not sure which things need to be escaped
> for an SQL query, the method in the patch should escape \"%_'.
> This is not tested, but taken from tested (and GPLed) kdevelop code, just the
> escaped characters are changed. When I have time these days I'll try to apply
> this function in all places where it makes sense, test it and provide another
> (trivial) patch.
I decided to use the bindValue approach suggested by A. Withers. It
seems to be a lot cleaner and simpler than to escape them by hand.
Now I have to dive into the key-binding stuff as it seems to interfere
with mythbrowser somehow (dialog-box navigation doesn't work as
expected anymore).
regards, Philippe
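
The bound-value approach mentioned in the message above, as an added example that is not part of the original post or of MythTV's code. It uses Python's sqlite3 as a stand-in for Qt's bindValue, with a hypothetical bookmarks table and constructed rows, and shows that binding takes care of the quote while % and _ still act as wildcards inside LIKE unless an ESCAPE step is added.

```python
import sqlite3

# Constructed sample data; table and column names are hypothetical.
BOOKMARKS = [
    ("Pat's page", "http://example.org/pat"),
    ("100% free_stuff", "http://example.org/free"),
    ("1000 free stuff", "http://example.org/other"),
]

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE bookmarks (name TEXT, url TEXT)")
    # Bound parameters: the quote in "Pat's page" needs no escaping.
    db.executemany("INSERT INTO bookmarks (name, url) VALUES (?, ?)", BOOKMARKS)
    return db

def find_exact(db, name):
    """Exact match with a bound value; the data never becomes SQL text."""
    rows = db.execute("SELECT url FROM bookmarks WHERE name = ?", (name,))
    return [r[0] for r in rows]

def like_escape(text, esc="\\"):
    """Neutralise LIKE wildcards; binding alone does not do this."""
    # The escape character itself goes first so it is not doubled twice.
    for ch in (esc, "%", "_"):
        text = text.replace(ch, esc + ch)
    return text

def find_containing(db, fragment, escape_wildcards=True):
    """Substring search; % and _ in fragment match literally when escaped."""
    if escape_wildcards:
        fragment = like_escape(fragment)
    rows = db.execute(
        "SELECT name FROM bookmarks WHERE name LIKE ? ESCAPE '\\' ORDER BY name",
        ("%" + fragment + "%",),
    )
    return [r[0] for r in rows]

if __name__ == "__main__":
    db = open_db()
    print(find_exact(db, "Pat's page"))
    # Without wildcard escaping the fragment also matches "1000 free stuff".
    print(find_containing(db, "0% free_", escape_wildcards=False))
    print(find_containing(db, "0% free_"))
```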