diff options
| author | Denis Loh <denis.loh@gmail.com> | 2009-10-29 16:40:29 +0100 |
|---|---|---|
| committer | Denis Loh <denis.loh@gmail.com> | 2009-10-29 16:40:29 +0100 |
| commit | 5057fe1ea036ba681ee232a19392751633322760 (patch) | |
| tree | 9f28323fd073f8518e90df5148c8737b2ee3017e /database/metadata.cpp | |
| parent | a0ea012e9f0a6535695ab1c6efb6cb700d4b57ef (diff) | |
| download | vdr-plugin-upnp-5057fe1ea036ba681ee232a19392751633322760.tar.gz vdr-plugin-upnp-5057fe1ea036ba681ee232a19392751633322760.tar.bz2 | |
Closed bug with ' and database\nimproved LiveTV receiver
Diffstat (limited to 'database/metadata.cpp')
| -rw-r--r-- | database/metadata.cpp | 43 |
1 files changed, 18 insertions, 25 deletions
diff --git a/database/metadata.cpp b/database/metadata.cpp index 4f18009..ebe530b 100644 --- a/database/metadata.cpp +++ b/database/metadata.cpp @@ -61,12 +61,10 @@ bool cMediaDatabase::init(){ } void cMediaDatabase::updateSystemID(){ - cString Statement = cString::sprintf("INSERT OR REPLACE INTO %s (Key,Value) VALUES ('%s','%d')", - SQLITE_TABLE_SYSTEM, - KEY_SYSTEM_UPDATE_ID, - this->getSystemUpdateID()+1 - ); - this->mDatabase->execStatement(Statement); + this->mDatabase->execStatement("INSERT OR REPLACE INTO %s (Key,Value) VALUES (%Q,%d)", + SQLITE_TABLE_SYSTEM, + KEY_SYSTEM_UPDATE_ID, + this->getSystemUpdateID()+1); } const char* cMediaDatabase::getContainerUpdateIDs(){ @@ -74,11 +72,9 @@ const char* cMediaDatabase::getContainerUpdateIDs(){ } unsigned int cMediaDatabase::getSystemUpdateID(){ - cString Statement = cString::sprintf("SELECT Value FROM %s WHERE Key='%s'", - SQLITE_TABLE_SYSTEM, - KEY_SYSTEM_UPDATE_ID - ); - if(this->mDatabase->execStatement(Statement)){ + if(this->mDatabase->execStatement("SELECT Value FROM %s WHERE Key=%Q", + SQLITE_TABLE_SYSTEM, + KEY_SYSTEM_UPDATE_ID)){ ERROR("Error while executing statement"); return 0; } @@ -99,9 +95,9 @@ unsigned int cMediaDatabase::getSystemUpdateID(){ cUPnPObjectID cMediaDatabase::getNextObjectID(){ cString Statement, Column, Value; - const char* Format = "SELECT Key FROM %s WHERE KeyID=%s"; - Statement = cString::sprintf(Format, SQLITE_TABLE_PRIMARY_KEYS, PK_OBJECTS); - if(this->mDatabase->execStatement(Statement)){ + if(this->mDatabase->execStatement("SELECT Key FROM %s WHERE KeyID=%Q", + SQLITE_TABLE_PRIMARY_KEYS, + PK_OBJECTS)){ ERROR("Error while executing statement"); return 0; } @@ -130,17 +126,12 @@ int cMediaDatabase::addFastFind(cUPnPClassObject* Object, const char* FastFind){ return -1; } - char* escapedFastFind; - escapeSQLite(FastFind, &escapedFastFind); - cString Statement = cString::sprintf("INSERT OR REPLACE INTO %s (%s, %s) VALUES ('%s', '%s')", + if(this->mDatabase->execStatement("INSERT OR REPLACE INTO %s (%s, %s) VALUES (%Q, %Q)", SQLITE_TABLE_ITEMFINDER, SQLITE_COL_OBJECTID, SQLITE_COL_ITEMFINDER, *Object->getID(), - escapedFastFind - ); - free(escapedFastFind); - if(this->mDatabase->execStatement(Statement)){ + FastFind)){ ERROR("Error while executing statement"); return -1; } @@ -150,10 +141,12 @@ int cMediaDatabase::addFastFind(cUPnPClassObject* Object, const char* FastFind){ cUPnPClassObject* cMediaDatabase::getObjectByFastFind(const char* FastFind){ if(!FastFind) return NULL; MESSAGE("Try to find Object with identifier %s", FastFind); - cString Statement, Column, Value; - const char* Format = "SELECT %s FROM %s WHERE %s='%s'"; - Statement = cString::sprintf(Format, SQLITE_COL_OBJECTID, SQLITE_TABLE_ITEMFINDER, SQLITE_COL_ITEMFINDER, FastFind); - if(this->mDatabase->execStatement(Statement)){ + cString Column, Value; + if(this->mDatabase->execStatement("SELECT %s FROM %s WHERE %s=%Q", + SQLITE_COL_OBJECTID, + SQLITE_TABLE_ITEMFINDER, + SQLITE_COL_ITEMFINDER, + FastFind)){ ERROR("Error while executing statement"); return 0; } |