[mythtv] [PATCH] LogEntry using prepare/bindValue
Kevin Kuphal
kuphal at dls.net
Wed Sep 8 00:30:56 EDT 2004
Simply changes the LogEntry insert to use prepare/bindValue in order to
ensure proper escaping of characters.
Kevin
-------------- next part --------------
Index: mythtv/libs/libmyth/mythcontext.cpp
===================================================================
RCS file: /var/lib/mythcvs/mythtv/libs/libmyth/mythcontext.cpp,v
retrieving revision 1.132
diff -n -u -r1.132 mythcontext.cpp
--- mythtv/libs/libmyth/mythcontext.cpp 7 Sep 2004 02:11:22 -0000 1.132
+++ mythtv/libs/libmyth/mythcontext.cpp 8 Sep 2004 04:27:13 -0000
@@ -1601,22 +1601,25 @@
{
KickDatabase(d->m_db);
- QString querystr = QString("INSERT INTO mythlog (module, priority, "
+ QSqlQuery result(QString::null, d->m_db);
+
+ result.prepare("INSERT INTO mythlog (module, priority, "
"logdate, host, message, details) "
- "values ( '%1', %2, now(), '%3', "
- "'%4','%5' );")
- .arg(module)
- .arg(priority)
- .arg(d->m_localhostname)
- .arg(message).arg(details);
-
- QSqlQuery result = d->m_db->exec(querystr);
- if (!result.isActive())
- MythContext::DBError("LogEntry", querystr);
+ "values ( ':MODULE', :PRIORITY, now(), ':HOSTNAME', "
+ "':MESSAGE',':DETAILS' );");
+
+ result.bindValue(":MODULE", module);
+ result.bindValue(":PRIORITY", priority);
+ result.bindValue(":HOSTNAME", d->m_localhostname);
+ result.bindValue(":MESSAGE", message);
+ result.bindValue(":DETAILS", details);
+
+ if (!result.exec() || !result.isActive())
+ MythContext::DBError("LogEntry", result);
if (d->m_logmaxcount > 0)
{
- querystr = QString("SELECT logid FROM mythlog WHERE "
+ QString querystr = QString("SELECT logid FROM mythlog WHERE "
"module='%1' ORDER BY logdate ASC")
.arg(module);
result = d->m_db->exec(querystr);
More information about the mythtv-dev
mailing list