BUG: Escape single quote in DICOM database SQL statement

Re https://issues.slicer.org/view.php?id=4709
commontk · Aug 29, 2019 · db30c43 · db30c43
1 parent 6a8d584
commit db30c43
Showing 1 changed file with 9 additions and 9 deletions.
diff --git a/Libs/DICOM/Core/ctkDICOMDatabase.cpp b/Libs/DICOM/Core/ctkDICOMDatabase.cpp
@@ -455,7 +455,7 @@ void ctkDICOMDatabasePrivate::insertStudy(const ctkDICOMItem& ctkDataset, int db
     insertStudyStatement.bindValue( 4, studyTime );
     insertStudyStatement.bindValue( 5, accessionNumber );
     insertStudyStatement.bindValue( 6, modalitiesInStudy );
-    insertStudyStatement.bindValue( 7, institutionName );
+    insertStudyStatement.bindValue( 7, institutionName.replace("'", "\'") );
     insertStudyStatement.bindValue( 8, referringPhysician );
     insertStudyStatement.bindValue( 9, performingPhysiciansName );
     insertStudyStatement.bindValue( 10, studyDescription );
@@ -1016,12 +1016,12 @@ bool ctkDICOMDatabasePrivate::applyDisplayedFieldsChanges( QMap<QString, QMap<QS
       int patientUID = patientRecord.value("UID").toInt();
 
       QSqlQuery updateDisplayPatientStatement(this->Database);
-      QString updateDisplayPatientStatementString = 
+      QString updateDisplayPatientStatementString =
         QString("UPDATE Patients SET %1 WHERE UID='%2';").arg(displayPatientsFieldUpdateList).arg(patientUID);
       this->loggedExec(updateDisplayPatientStatement, updateDisplayPatientStatementString);
 
       QSqlQuery updateDisplayedFieldsUpdatedTimestampStatement(this->Database);
-      QString updateDisplayedFieldsUpdatedTimestampStatementString = 
+      QString updateDisplayedFieldsUpdatedTimestampStatementString =
         QString("UPDATE Patients SET DisplayedFieldsUpdatedTimestamp=CURRENT_TIMESTAMP WHERE UID='%1';").arg(patientUID);
       this->loggedExec(updateDisplayedFieldsUpdatedTimestampStatement, updateDisplayedFieldsUpdatedTimestampStatementString);
 
@@ -1062,12 +1062,12 @@ bool ctkDICOMDatabasePrivate::applyDisplayedFieldsChanges( QMap<QString, QMap<QS
       displayStudiesFieldUpdateList = displayStudiesFieldUpdateList.left(displayStudiesFieldUpdateList.size() - 2);
 
       QSqlQuery updateDisplayStudyStatement(this->Database);
-      QString updateDisplayStudyStatementString = 
+      QString updateDisplayStudyStatementString =
         QString("UPDATE Studies SET %1 WHERE StudyInstanceUID='%2';").arg(displayStudiesFieldUpdateList).arg(currentStudy["StudyInstanceUID"]);
       this->loggedExec(updateDisplayStudyStatement, updateDisplayStudyStatementString);
 
       QSqlQuery updateDisplayedFieldsUpdatedTimestampStatement(this->Database);
-      QString updateDisplayedFieldsUpdatedTimestampStatementString = 
+      QString updateDisplayedFieldsUpdatedTimestampStatementString =
         QString("UPDATE Studies SET DisplayedFieldsUpdatedTimestamp=CURRENT_TIMESTAMP WHERE StudyInstanceUID='%1';").arg(currentStudy["StudyInstanceUID"]);
       this->loggedExec(updateDisplayedFieldsUpdatedTimestampStatement, updateDisplayedFieldsUpdatedTimestampStatementString);
     }
@@ -1100,12 +1100,12 @@ bool ctkDICOMDatabasePrivate::applyDisplayedFieldsChanges( QMap<QString, QMap<QS
       displaySeriesFieldUpdateList = displaySeriesFieldUpdateList.left(displaySeriesFieldUpdateList.size() - 2);
 
       QSqlQuery updateDisplaySeriesStatement(this->Database);
-      QString updateDisplaySeriesStatementString = 
+      QString updateDisplaySeriesStatementString =
         QString("UPDATE Series SET %1 WHERE SeriesInstanceUID='%2';").arg(displaySeriesFieldUpdateList).arg(currentSeries["SeriesInstanceUID"]);
       this->loggedExec(updateDisplaySeriesStatement, updateDisplaySeriesStatementString);
 
       QSqlQuery updateDisplayedFieldsUpdatedTimestampStatement(this->Database);
-      QString updateDisplayedFieldsUpdatedTimestampStatementString = 
+      QString updateDisplayedFieldsUpdatedTimestampStatementString =
         QString("UPDATE Series SET DisplayedFieldsUpdatedTimestamp=CURRENT_TIMESTAMP WHERE SeriesInstanceUID='%1';").arg(currentSeries["SeriesInstanceUID"]);
       this->loggedExec(updateDisplayedFieldsUpdatedTimestampStatement, updateDisplayedFieldsUpdatedTimestampStatementString);
     }
@@ -1263,7 +1263,7 @@ void ctkDICOMDatabase::openDatabase(const QString databaseFile, const QString& c
   {
     this->initializeTagCache();
   }
-  
+
   this->setTagsToPrecache(d->DisplayedFieldGenerator.getRequiredTags());
 }
 
@@ -2440,7 +2440,7 @@ void ctkDICOMDatabase::updateDisplayedFields()
       while (newFilesQuery.next())
       {
         QSqlQuery updateDisplayedFieldsUpdatedTimestampStatement(d->Database);
-        QString updateDisplayedFieldsUpdatedTimestampStatementString = 
+        QString updateDisplayedFieldsUpdatedTimestampStatementString =
           QString("UPDATE IMAGES SET DisplayedFieldsUpdatedTimestamp=CURRENT_TIMESTAMP WHERE SOPInstanceUID='%1';").arg(newFilesQuery.value(0).toString());
         d->loggedExec(updateDisplayedFieldsUpdatedTimestampStatement, updateDisplayedFieldsUpdatedTimestampStatementString);
       }