
Move sqlite quoting functions to qgssqliteutils.h

m-kuhn committed Dec 19, 2018
1 parent 30b55cc commit 12a6d9b8f44425627cf477bf02758175cffbc55d
Showing with 54 additions and 28 deletions.
  1. +3 −28 src/core/qgssqliteexpressioncompiler.cpp
  2. +35 −0 src/core/qgssqliteutils.cpp
  3. +16 −0 src/core/qgssqliteutils.h
@@ -18,6 +18,7 @@
#include "qgssqliteexpressioncompiler.h"
#include "qgssqlexpressioncompiler.h"
#include "qgsexpressionnodeimpl.h"
#include "qgssqliteutils.h"

QgsSQLiteExpressionCompiler::QgsSQLiteExpressionCompiler( const QgsFields &fields )
: QgsSqlExpressionCompiler( fields, QgsSqlExpressionCompiler::LikeIsCaseInsensitive | QgsSqlExpressionCompiler::IntegerDivisionResultsInInteger )
@@ -51,38 +52,12 @@ QgsSqlExpressionCompiler::Result QgsSQLiteExpressionCompiler::compileNode( const

QString QgsSQLiteExpressionCompiler::quotedIdentifier( const QString &identifier )
{
QString id( identifier );
id.replace( '\"', QLatin1String( "\"\"" ) );
return id.prepend( '\"' ).append( '\"' );
return QgsSqliteUtils::quotedIdentifier( identifier );
}

QString QgsSQLiteExpressionCompiler::quotedValue( const QVariant &value, bool &ok )
{
ok = true;

if ( value.isNull() )
return QStringLiteral( "NULL" );

switch ( value.type() )
{
case QVariant::Int:
case QVariant::LongLong:
case QVariant::Double:
return value.toString();

case QVariant::Bool:
//SQLite has no boolean literals
return value.toBool() ? "1" : "0";

default:
case QVariant::String:
QString v = value.toString();
// https://www.sqlite.org/lang_expr.html :
// """A string constant is formed by enclosing the string in single quotes (').
// A single quote within the string can be encoded by putting two single quotes
// in a row - as in Pascal. C-style escapes using the backslash character are not supported because they are not standard SQL. """
return v.replace( '\'', QLatin1String( "''" ) ).prepend( '\'' ).append( '\'' );
}
return QgsSqliteUtils::quotedValue( value, ok );
}

QString QgsSQLiteExpressionCompiler::sqlFunctionFromFunctionName( const QString &fnName ) const
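Review bot: The new body of `QgsSQLiteExpressionCompiler::quotedValue` calls `QgsSqliteUtils::quotedValue( value, ok )`, but the utility added in this same commit is declared and defined with a single `const QVariant &value` parameter, so unless another overload exists outside the visible hunks this call does not match any signature. Going by the hunk header (38 old lines, 12 new) and the +3 −28 count, the `ok = true;` assignment is also among the removed lines, which would leave the caller's `ok` out-parameter unset. Callers presumably use that flag to decide whether the quoted text may go into the generated SQL. I would keep the assignment and drop the extra argument: `ok = true;` followed by `return QgsSqliteUtils::quotedValue( value );`.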
@@ -19,6 +19,7 @@

#include <sqlite3.h>
#include <cstdarg>
#include <QVariant>

void QgsSqlite3Closer::operator()( sqlite3 *database )
{
@@ -101,6 +102,40 @@ QString QgsSqliteUtils::quotedString( const QString &value )
return v.prepend( '\'' ).append( '\'' );
}

QString QgsSqliteUtils::quotedIdentifier( const QString &identifier )
{
QString id( identifier );
id.replace( '\"', QLatin1String( "\"\"" ) );
return id.prepend( '\"' ).append( '\"' );
}

QString QgsSqliteUtils::quotedValue( const QVariant &value )
{
if ( value.isNull() )
return QStringLiteral( "NULL" );

switch ( value.type() )
{
case QVariant::Int:
case QVariant::LongLong:
case QVariant::Double:
return value.toString();

case QVariant::Bool:
//SQLite has no boolean literals
return value.toBool() ? QStringLiteral( "1" ) : QStringLiteral( "0" );

default:
case QVariant::String:
QString v = value.toString();
// https://www.sqlite.org/lang_expr.html :
// """A string constant is formed by enclosing the string in single quotes (').
// A single quote within the string can be encoded by putting two single quotes
// in a row - as in Pascal. C-style escapes using the backslash character are not supported because they are not standard SQL. """
return v.replace( '\'', QLatin1String( "''" ) ).prepend( '\'' ).append( '\'' );
}
}

QString QgsSqlite3Mprintf( const char *format, ... )
{
va_list ap;
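Review bot: In `QgsSqliteUtils::quotedValue` the shared `Int`/`LongLong`/`Double` branch returns `value.toString()` unquoted, and for a non-finite double that text is, as far as I can tell, `nan` or `inf`, which SQLite would parse as an identifier rather than a numeric literal. Since this helper is now a public utility for building SQL text, I would guard that case ahead of the return, for example `if ( value.type() == QVariant::Double && !std::isfinite( value.toDouble() ) ) return QStringLiteral( "NULL" );` (needs `<cmath>`), or use whatever fallback the callers expect. A short comment on the `default:` label, such as `// every other type, including unsigned integers and byte arrays, is emitted as a single-quoted string`, would also make the fall-through into `case QVariant::String:` read as intentional.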
@@ -26,6 +26,7 @@

struct sqlite3;
struct sqlite3_stmt;
class QVariant;

/**
* \ingroup core
@@ -153,6 +154,21 @@ class CORE_EXPORT QgsSqliteUtils
* characters correctly escaped.
*/
static QString quotedString( const QString &value );

/**
* Returns a properly quoted version of \a identifier.
*
* \since QGIS 3.6
*/
static QString quotedIdentifier( const QString &identifier );

/**
* Returns a properly quoted and escaped version of \a value
* for use in SQL strings.
*
* \since QGIS 3.6
*/
static QString quotedValue( const QVariant &value );
};

/**
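Review bot: The doc comments for `quotedIdentifier` and `quotedValue` say "properly quoted" without stating the rule, and callers assembling SQL text need to know exactly what is guaranteed. I would document that `quotedIdentifier` wraps the name in double quotes and doubles any embedded double quote, and that `quotedValue` returns `NULL` for null variants, bare text for Int/LongLong/Double, `1`/`0` for booleans, and a single-quoted string with embedded single quotes doubled for every other type. A sentence saying the result is only meant for the identifier or literal position of a SQLite statement, and that bound parameters are preferable where a prepared statement is available, would keep these helpers from being treated as a general sanitizer. The class body starts outside the hunk.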
