From 7cb559fe62c8234d47de98fe4db66164fe98f471 Mon Sep 17 00:00:00 2001 From: Jay Adkisson Date: Fri, 5 Aug 2011 15:21:59 -0700 Subject: [PATCH] inspired by @ScriptFanix, use bash parameter substitution instead of sed. Also, actually execute the calculated query instead of just ignoring it :X --- lib/model.sh | 4 ++-- lib/util.sh | 11 ++++++----- 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/lib/model.sh b/lib/model.sh index c13485f..6096843 100644 --- a/lib/model.sh +++ b/lib/model.sh @@ -42,9 +42,9 @@ balls::model.find() { local query="$1"; shift for param in "$@"; do db_safe param - query="$(sed "s/\?/$param/" <<<"$query")" + query="${query/\?/$param}" done - balls::model.execute "SELECT * from $(balls::model.table_name) WHERE $@" + balls::model.execute "SELECT * from $(balls::model.table_name) WHERE $query" } balls::model.fetch_fields() { diff --git a/lib/util.sh b/lib/util.sh index 2194b0b..6706048 100644 --- a/lib/util.sh +++ b/lib/util.sh @@ -104,18 +104,19 @@ trim() { # will quote my_var for mysql. db_safe() { local str="${!1}." # append a . so that bash doesn't chomp off newlines at the end + local escaped_quote="\\'" str="$( - echo "$str" | sed "s/'/\\\\'/g" | while read line; do echo -n "$line\\n"; done)" - # ^ escape ' escape \n - sed has trouble with this one. + echo "${str//\'/$escaped_quote}" | while read line; do echo -n "$line\\n"; done)" + # ^ escape ' escape \n - bash has trouble with this one. export "$1"="'${str:0:${#str}-1}'" # enclose in single quotes, strip off the ., and export the variable } # escape ' with '\''. sorry everyone. bash_safe() { local str="${!1}." - str="$(echo "$str" | sed "s/'/'\\\\''/g")" - # escape ' with (literally) '\'' - sorry everyone - export "$1"="'${str:0:${#str}-1}'" + # escape ' with (literally) '\'' - sorry everyone + local escaped_quote="'\\''" + export "$1"="'${str//\'/$escaped_quote}'" } join() {