Skip to content

Commit

Permalink
Move sqlite quoting functions to qgssqliteutils.h
Browse files Browse the repository at this point in the history
  • Loading branch information
m-kuhn committed Dec 19, 2018
1 parent 30b55cc commit 12a6d9b
Show file tree
Hide file tree
Showing 3 changed files with 54 additions and 28 deletions.
31 changes: 3 additions & 28 deletions src/core/qgssqliteexpressioncompiler.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@
#include "qgssqliteexpressioncompiler.h"
#include "qgssqlexpressioncompiler.h"
#include "qgsexpressionnodeimpl.h"
#include "qgssqliteutils.h"

QgsSQLiteExpressionCompiler::QgsSQLiteExpressionCompiler( const QgsFields &fields )
: QgsSqlExpressionCompiler( fields, QgsSqlExpressionCompiler::LikeIsCaseInsensitive | QgsSqlExpressionCompiler::IntegerDivisionResultsInInteger )
Expand Down Expand Up @@ -51,38 +52,12 @@ QgsSqlExpressionCompiler::Result QgsSQLiteExpressionCompiler::compileNode( const

QString QgsSQLiteExpressionCompiler::quotedIdentifier( const QString &identifier )
{
QString id( identifier );
id.replace( '\"', QLatin1String( "\"\"" ) );
return id.prepend( '\"' ).append( '\"' );
return QgsSqliteUtils::quotedIdentifier( identifier );
}

QString QgsSQLiteExpressionCompiler::quotedValue( const QVariant &value, bool &ok )
{
ok = true;

if ( value.isNull() )
return QStringLiteral( "NULL" );

switch ( value.type() )
{
case QVariant::Int:
case QVariant::LongLong:
case QVariant::Double:
return value.toString();

case QVariant::Bool:
//SQLite has no boolean literals
return value.toBool() ? "1" : "0";

default:
case QVariant::String:
QString v = value.toString();
// https://www.sqlite.org/lang_expr.html :
// """A string constant is formed by enclosing the string in single quotes (').
// A single quote within the string can be encoded by putting two single quotes
// in a row - as in Pascal. C-style escapes using the backslash character are not supported because they are not standard SQL. """
return v.replace( '\'', QLatin1String( "''" ) ).prepend( '\'' ).append( '\'' );
}
return QgsSqliteUtils::quotedValue( value, ok );
}

QString QgsSQLiteExpressionCompiler::sqlFunctionFromFunctionName( const QString &fnName ) const
Expand Down
35 changes: 35 additions & 0 deletions src/core/qgssqliteutils.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@

#include <sqlite3.h>
#include <cstdarg>
#include <QVariant>

void QgsSqlite3Closer::operator()( sqlite3 *database )
{
Expand Down Expand Up @@ -101,6 +102,40 @@ QString QgsSqliteUtils::quotedString( const QString &value )
return v.prepend( '\'' ).append( '\'' );
}

QString QgsSqliteUtils::quotedIdentifier( const QString &identifier )
{
QString id( identifier );
id.replace( '\"', QLatin1String( "\"\"" ) );
return id.prepend( '\"' ).append( '\"' );
}

QString QgsSqliteUtils::quotedValue( const QVariant &value )
{
if ( value.isNull() )
return QStringLiteral( "NULL" );

switch ( value.type() )
{
case QVariant::Int:
case QVariant::LongLong:
case QVariant::Double:
return value.toString();

case QVariant::Bool:
//SQLite has no boolean literals
return value.toBool() ? QStringLiteral( "1" ) : QStringLiteral( "0" );

default:
case QVariant::String:
QString v = value.toString();
// https://www.sqlite.org/lang_expr.html :
// """A string constant is formed by enclosing the string in single quotes (').
// A single quote within the string can be encoded by putting two single quotes
// in a row - as in Pascal. C-style escapes using the backslash character are not supported because they are not standard SQL. """
return v.replace( '\'', QLatin1String( "''" ) ).prepend( '\'' ).append( '\'' );
}
}

QString QgsSqlite3Mprintf( const char *format, ... )
{
va_list ap;
Expand Down
16 changes: 16 additions & 0 deletions src/core/qgssqliteutils.h
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@

struct sqlite3;
struct sqlite3_stmt;
class QVariant;

/**
* \ingroup core
Expand Down Expand Up @@ -153,6 +154,21 @@ class CORE_EXPORT QgsSqliteUtils
* characters correctly escaped.
*/
static QString quotedString( const QString &value );

/**
* Returns a properly quoted version of \a identifier.
*
* \since QGIS 3.6
*/
static QString quotedIdentifier( const QString &identifier );

/**
* Returns a properly quoted and escaped version of \a value
* for use in SQL strings.
*
* \since QGIS 3.6
*/
static QString quotedValue( const QVariant &value );
};

/**
Expand Down

0 comments on commit 12a6d9b

Please sign in to comment.