Postgres: escape quotes in field values
git-svn-id: http://svn.osgeo.org/qgis/trunk/qgis@6215 c8812cc2-4d05-0410-92ff-de0c093fc19c
wonder committed Dec 8, 2006
1 parent e49886e commit f87c5c6
Showing 1 changed file with 10 additions and 1 deletion.
11 changes: 10 additions & 1 deletion src/providers/postgres/qgspostgresprovider.cpp
@@ -1741,6 +1741,10 @@ bool QgsPostgresProvider::addFeature(QgsFeature* f, int primaryKeyHighWater)
{
insert+="'";
}

// important: escape quotes in field value
fieldvalue.replace("'", "''");

insert+=fieldvalue;
if(charactertype)
{
@@ -1995,7 +1999,12 @@ bool QgsPostgresProvider::changeAttributeValues(std::map<int,std::map<QString,QS
{
for(std::map<QString,QString>::const_iterator siter=(*iter).second.begin();siter!=(*iter).second.end();++siter)
{
QString sql="UPDATE "+mSchemaTableName+" SET "+(*siter).first+"='"+(*siter).second+"' WHERE \"" +primaryKey+"\"="+QString::number((*iter).first);
QString val = (*siter).second;

// escape quotes
val.replace("'", "''");

QString sql="UPDATE "+mSchemaTableName+" SET "+(*siter).first+"='"+val+"' WHERE \"" +primaryKey+"\"="+QString::number((*iter).first);
QgsDebugMsg(sql);

// s end sql statement and do error handling
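Review bot: Doubling `'` by hand with `val.replace("'", "''")` in `changeAttributeValues` (and `fieldvalue.replace("'", "''")` in `addFeature`) is not a complete escape for a PostgreSQL string literal, because backslashes in the value are still treated as escape characters whenever `standard_conforming_strings` is off. Prefer libpq's `PQescapeStringConn` on the open connection, or better, pass the values as parameters through `PQexecParams` so no attribute value is spliced into the SQL text; a single shared helper would also keep the two call sites from drifting apart. The column name `(*siter).first` is still concatenated without identifier quoting, unlike `primaryKey`, and should be wrapped in `"` with embedded `"` doubled. In `addFeature` the value appears to be appended without surrounding quotes when `charactertype` is false, so the quote doubling gives no protection on that path and such values should be validated as the expected numeric type before use. Both function bodies begin and end outside the hunks shown, so the `charactertype` branch is inferred from the visible lines.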
