
Postgres: escape quotes in field values

git-svn-id: http://svn.osgeo.org/qgis/trunk@6215 c8812cc2-4d05-0410-92ff-de0c093fc19c
wonder
wonder committed Dec 8, 2006
1 parent d7113a0 commit c53c866663f1bef4eb49af884c757916096c5a82
Showing with 10 additions and 1 deletion.
  1. +10 −1 src/providers/postgres/qgspostgresprovider.cpp
@@ -1741,6 +1741,10 @@ bool QgsPostgresProvider::addFeature(QgsFeature* f, int primaryKeyHighWater)
{
insert+="'";
}

// important: escape quotes in field value
fieldvalue.replace("'", "''");

insert+=fieldvalue;
if(charactertype)
{
@@ -1995,7 +1999,12 @@ bool QgsPostgresProvider::changeAttributeValues(std::map<int,std::map<QString,QS
{
for(std::map<QString,QString>::const_iterator siter=(*iter).second.begin();siter!=(*iter).second.end();++siter)
{
QString sql="UPDATE "+mSchemaTableName+" SET "+(*siter).first+"='"+(*siter).second+"' WHERE \"" +primaryKey+"\"="+QString::number((*iter).first);
QString val = (*siter).second;

// escape quotes
val.replace("'", "''");

QString sql="UPDATE "+mSchemaTableName+" SET "+(*siter).first+"='"+val+"' WHERE \"" +primaryKey+"\"="+QString::number((*iter).first);
QgsDebugMsg(sql);

// s end sql statement and do error handling
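Review bot: Doubling `'` does not make these statements safe, because in `addFeature` the surrounding quote is only added under `if(charactertype)`, so a non-character value is still appended to `insert` unquoted, and in `changeAttributeValues` the column name `(*siter).first` is concatenated raw. Backslashes are also left untouched, which matters on servers where string literals treat backslash as an escape (this depends on the server's `standard_conforming_strings` setting). Binding the values through libpq's `PQexecParams` would remove the need for manual escaping; failing that, use `PQescapeStringConn` on every value. The column name should be quoted the way `primaryKey` already is, e.g. `"\""+(*siter).first+"\"="`. Both functions begin and end outside the hunks shown, so whether the field type is validated elsewhere is not visible here.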
