Skip to content
Permalink
Browse files

[mssql] Fix inserting features into tables with an after insert trigg…

…er attached

Fixes #20592
  • Loading branch information
roya0045 authored and nyalldawson committed Jan 7, 2019
1 parent efd54f8 commit 69f6ea521b8ee3a78bda0dfd431a9cf6668ad111
Showing with 14 additions and 2 deletions.
  1. +14 −2 src/providers/mssql/qgsmssqlprovider.cpp
@@ -872,7 +872,15 @@ bool QgsMssqlProvider::addFeatures( QgsFeatureList &flist, Flags flags )

QString statement;
QString values;
statement = QStringLiteral( "INSERT INTO [%1].[%2] (" ).arg( mSchemaName, mTableName );
if ( !( flags & QgsFeatureSink::FastInsert ) )
{
statement += QStringLiteral( "DECLARE @px TABLE (id INT); " );
statement += QStringLiteral( "INSERT INTO [%1].[%2] (" ).arg( mSchemaName, mTableName );
}
else
{
statement += QStringLiteral( "INSERT INTO [%1].[%2] (" ).arg( mSchemaName, mTableName );
}

bool first = true;
QSqlQuery query = createQuery();
@@ -947,10 +955,14 @@ bool QgsMssqlProvider::addFeatures( QgsFeatureList &flist, Flags flags )
statement += QStringLiteral( ") " );
if ( !( flags & QgsFeatureSink::FastInsert ) )
{
statement += QStringLiteral( " OUTPUT inserted." ) + mFidColName;
statement += QStringLiteral( " OUTPUT inserted." ) + mFidColName + QStringLiteral( " INTO @px " );
}
statement += QStringLiteral( " VALUES (" ) + values + ')';

if ( !( flags & QgsFeatureSink::FastInsert ) )
{
statement += QStringLiteral( "; SELECT id FROM @px;" );
}
// use prepared statement to prevent from sql injection
if ( !query.prepare( statement ) )
{

0 comments on commit 69f6ea5

Please sign in to comment.
You can’t perform that action at this time.