author | louis <louis.braun@gmx.de> | 2013-08-24 08:53:37 +0200 |
---|---|---|
committer | louis <louis.braun@gmx.de> | 2013-08-24 08:53:37 +0200 |
commit | d6a47a6d7e69fb7abebb1482bc965bd2cb4fae13 (patch) | |
tree | a4a341fd3c84d65a2825cdbb8fe40876223a55ab | |
parent | 02b9b8c10a79c1fb2f52c4017eb9c2edde39ddaa (diff) | |
escaped some select statements correctly
-rw-r--r-- | HISTORY | 7 | ||||
-rw-r--r-- | tvscraperdb.c | 38 | ||||
-rw-r--r-- | tvscraperdb.h | 1 |
3 files changed, 40 insertions, 6 deletions
@@ -4,3 +4,10 @@ VDR Plugin 'tvscraper' Revision History 2013-07-26: Version 0.0.1 - Initial revision.
+
+2013-08-24: Version 0.0.2
+
+- renamed plugin to "tvscraper"
+- removed unnecessary string in ScrapRecordings
+- Correctly escaped select statements with movie
+ or series titles
diff --git a/tvscraperdb.c b/tvscraperdb.c
index e89be33..245e43e 100644
--- a/tvscraperdb.c
+++ b/tvscraperdb.c
@@ -51,6 +51,34 @@ vector<vector<string> > cTVScraperDB::Query(string query) {
 return results;
}
+vector<vector<string> > cTVScraperDB::QueryEscaped(string query, string where) {
+ sqlite3_stmt *statement;
+ vector<vector<string> > results;
+ if(sqlite3_prepare_v2(db, query.c_str(), -1, &statement, 0) == SQLITE_OK) {
+ sqlite3_bind_text(statement, 1, where.c_str(), -1, SQLITE_TRANSIENT);
+ int cols = sqlite3_column_count(statement);
+ int result = 0;
+ while(true) {
+ result = sqlite3_step(statement);
+ if(result == SQLITE_ROW) {
+ vector<string> values;
+ for(int col = 0; col < cols; col++) {
+ values.push_back((char*)sqlite3_column_text(statement, col));
+ }
+ results.push_back(values);
+ } else {
+ break;
+ }
+ }
+ sqlite3_finalize(statement);
+ }
+ string error = sqlite3_errmsg(db);
+ if(error != "not an error") {
+ esyslog("tvscraper: query failed: %s , error: %s", query.c_str(), error.c_str());
+ }
+ return results;
+}
+
bool cTVScraperDB::Connect(void) {
if (inMem) {
if (sqlite3_open(dbPathMem.c_str(),&db)!=SQLITE_OK) {
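Review bot: `sqlite3_column_text()` returns NULL for a NULL column value (and on allocation failure), and the row loop in `QueryEscaped` passes that pointer straight to the `std::string` constructor in `values.push_back((char*)sqlite3_column_text(statement, col));`, which is undefined behaviour. Guard it, for example `const unsigned char *txt = sqlite3_column_text(statement, col);` followed by `values.push_back(txt ? (const char*)txt : "");`. The result of `sqlite3_bind_text` is also ignored, so a query passed without a `?` placeholder would run unbound; checking the bind and step result codes would be more dependable than comparing `sqlite3_errmsg(db)` with the literal `"not an error"` after the statement is finalized. `QueryEscaped` is fully inside this hunk, while the `Connect` context at its end continues outside it.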
@@ -395,9 +423,8 @@ bool cTVScraperDB::SeriesExists(int seriesID) {
 }
int cTVScraperDB::SearchMovie(string movieTitle) {
- stringstream sql;
- sql << "select movie_id from movies where movie_title='" << movieTitle.c_str() << "'";
- vector<vector<string> > result = Query(sql.str());
+ string sql = "select movie_id from movies where movie_title=?";
+ vector<vector<string> > result = QueryEscaped(sql, movieTitle);
int movieID = 0;
if (result.size() > 0) {
vector<vector<string> >::iterator it = result.begin();
@@ -410,9 +437,8 @@ int cTVScraperDB::SearchMovie(string movieTitle) {
 }
int cTVScraperDB::SearchSeries(string seriesTitle) {
- stringstream sql;
- sql << "select series_id from series where series_name='" << seriesTitle.c_str() << "'";
- vector<vector<string> > result = Query(sql.str());
+ string sql = "select series_id from series where series_name=?";
+ vector<vector<string> > result = QueryEscaped(sql, seriesTitle);
int seriesID = 0;
if (result.size() > 0) {
vector<vector<string> >::iterator it = result.begin();
diff --git a/tvscraperdb.h b/tvscraperdb.h
index a8f06ee..fa9c58d 100644
--- a/tvscraperdb.h
+++ b/tvscraperdb.h
@@ -12,6 +12,7 @@ private:
 string dbPathMem;
bool inMem;
vector<vector<string> > Query(string query);
+ vector<vector<string> > QueryEscaped(string query, string where);
int LoadOrSaveDb(sqlite3 *pInMemory, const char *zFilename, int isSave);
bool CreateTables(void);
public:
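Review bot: The new `QueryEscaped` declaration has no comment, and its name and the `where` parameter suggest that a WHERE clause gets escaped, whereas the implementation in tvscraperdb.c binds `where` as the single text value for placeholder 1. A short comment on the declaration would keep later callers from passing SQL fragments or queries with several placeholders, e.g. `// Runs 'query', which must contain exactly one '?'; 'where' is bound as its text value and never concatenated into the SQL.` It would also help to state next to `Query` that it must not receive SQL built from titles or other external text. The class body starts and ends outside this hunk.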