Simone Rossi / main / Commits / aee1cce1

Commit aee1cce1 authored Apr 24, 2018 by Daniele Venzano

Escape table names in SQL queries

parent 5eea477c

Changes: 1

zoe_lib/state/base.py
...
...
@@ -53,7 +53,7 @@ class BaseTable:
def
delete
(
self
,
record_id
):
"""Delete a record from this table."""
query
=
"
DELETE FROM {} WHERE id = %s
"
.
format
(
self
.
table_name
)
query
=
'
DELETE FROM
"
{}
"
WHERE id = %s
'
.
format
(
self
.
table_name
)
self
.
cursor
.
execute
(
query
,
(
record_id
,))
self
.
sql_manager
.
commit
()
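Review bot: In the new DELETE string, wrapping {} in double quotes through str.format is quoting, not escaping: a table_name that itself contains a double quote still closes the identifier early and the remainder is parsed as SQL. Double any embedded " before formatting or, if this cursor is psycopg2, compose the statement with psycopg2.sql.SQL('DELETE FROM {} WHERE id = %s').format(psycopg2.sql.Identifier(self.table_name)). Quoted identifiers are also case-sensitive in PostgreSQL, so a table_name containing upper-case letters must now match the created table exactly. A docstring line stating where table_name comes from, and that it is never caller-supplied, would make the trust assumption explicit.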
...
...
@@ -66,7 +66,7 @@ class BaseTable:
value_list
.
append
(
value
)
set_q
=
", "
.
join
(
arg_list
)
value_list
.
append
(
record_id
)
q_base
=
'UPDATE {} SET '
.
format
(
self
.
table_name
)
+
set_q
+
' WHERE id=%s'
q_base
=
'UPDATE
"
{}
"
SET '
.
format
(
self
.
table_name
)
+
set_q
+
' WHERE id=%s'
query
=
self
.
cursor
.
mogrify
(
q_base
,
value_list
)
self
.
cursor
.
execute
(
query
)
self
.
sql_manager
.
commit
()
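Review bot: On the q_base line only the table name gains quotes; set_q, joined from arg_list, is still concatenated into the statement unchanged, so whatever column names arg_list carries stay unquoted and the UPDATE ends up with mixed identifier handling. Build the table and column identifiers with the same helper (psycopg2.sql.Identifier if this is psycopg2, which the mogrify call suggests), and note that the plain "{}" wrapping here has the same embedded-quote gap as in delete(). Separately, cursor.mogrify(q_base, value_list) followed by cursor.execute(query) can be collapsed into a single cursor.execute(q_base, value_list).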
...
...