[mythtv-commits] Ticket #3072: MythGame: Apostrophe or single quote in filename breaks selection.

MythTV mythtv at cvs.mythtv.org
Tue Nov 6 03:39:21 UTC 2007 

#3072: MythGame: Apostrophe or single quote in filename breaks selection.
--------------------------------+-------------------------------------------
 Reporter:  spikeygg at gmail.com  |        Owner:  greg    
     Type:  defect              |       Status:  reopened
 Priority:  minor               |    Milestone:  unknown 
Component:  mythgame            |      Version:  0.20    
 Severity:  medium              |   Resolution:          
  Mlocked:  0                   |  
--------------------------------+-------------------------------------------

Comment(by mythtv at pasher.org):

 I noticed the same problem recently in my MythTV installation (I even
 updated to the latest SVN as of Nov 3, 2007). I never noticed it was due
 to the apostrophes until I saw this ticket. After weeding through the
 code, it appears this was broken at revision [12542]. In that revision,
 the double quotes in the queries were changed to single quotes for
 compatibility reasons (which is correct), but since the strings are now
 enclosed in single quotes, you will get SQL errors for files that have
 apostrophes in them.

 The fix is to escape the string before it is injected into the SQL
 statement. In SQL,  a single quote is escaped with another single quote.
 For example, in rominfo.cpp, this change (one of many that are needed)
 will fix the display of the game info in the ROM browser.

 ......
     QString thequery = "SELECT
 system,gamename,genre,year,romname,favorite,"
 "rompath,country,crc_value,diskcount,gametype,publisher,"
                        "version FROM gamemetadata WHERE gamename='"
                        + gamename.replace("'", "''") + "'";
 ......

 Obviously the cleanest way is to have some sort of escaping function
 (possibly in the MSqlQuery class) or to use prepared SQL statements. In
 the change above, it also alters the original string (which may not be a
 good idea depending on the circumstances). I'm not quite familiar enough
 with the MythTV code to provide a patch myself, but if no one else is
 willing to give it a shot, I may be able to get around to it sometime
 soon.

-- 
Ticket URL: <http://svn.mythtv.org/trac/ticket/3072#comment:7>
MythTV <http://svn.mythtv.org/trac>
MythTV

More information about the mythtv-commits mailing list