#33 SQLiteManager has many bugs.

open
nobody
None
5
2006-09-11
2006-09-11
Anonymous
No

SQLiteManager has many bugs.

Read the SQLite keywords.
http://sqlite.org/lang_keywords.html

example
create table 'table'('integer' integer);
create table 'int'('%' integer);
create table '&'('=' integer);
This is correct syntax.

Edit, view and more:
SQLiteManager causes an error.

trigger-name
table-name
column-name
index-name
view-name
...-name

These values must be escaped.

Use the quotes() function.

Example:
brackets($table)
--> quotes(brackets($table))

brackets($champ)
--> quotes(brackets($champ))

brackets(cleanFieldName($value))
--> quotes(brackets(cleanFieldName($value)))

$this->table
--> quotes($this->table)

brackets($this->table)
--> quotes(brackets($this->table))

brackets($indexInfo['name'])
--> quotes(brackets($indexInfo['name']))

quotes(brackets($itemName))

table='.$this->table
table='.htmlentities(urlencode($this->table))

table='.$GLOBALS['table']
table='.htmlentities(urlencode($GLOBALS['table']))

htmlentities(urlencode($accessResult))
htmlentities(urlencode($GLOBALS[strtolower($Items)]))

Discussion

  • Gandalf
    2006-09-17

    Logged In: YES
    user_id=1598437

    He just means you should add some quotations in the SQL
    strings. Otherwise the SQL statements don't work the right way.

    Example:
    SQLiteManager: DROP TABLE TABLE
    Right SQL String: DROP TABLE 'TABLE'

    There are many keywords and special letters (like & or %)
    which have to be written in quotes.
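
The quoting both posts ask for, as an added example (not SQLiteManager's code and not from the report): identifiers are wrapped in double quotes, SQLite's standard identifier quoting, with embedded quotes doubled, rather than the single quotes shown in the thread, and a name placed in a link is URL-encoded and then HTML-escaped. `quoteIdent()`, `tableLink()`, the `main.php` URL and the fourth table name are assumptions made for the illustration.

```php
<?php
// Added example; quoteIdent() and tableLink() are hypothetical helpers,
// not functions from SQLiteManager.

// Quote an SQLite identifier: wrap it in double quotes and double any
// embedded double quote so the name cannot end the quoted token early.
function quoteIdent(string $name): string
{
    // Reject NUL bytes, which C string APIs treat as end of text.
    if (strpos($name, "\0") !== false) {
        throw new InvalidArgumentException('NUL byte in identifier');
    }
    return '"' . str_replace('"', '""', $name) . '"';
}

// Build a link that carries the table name: URL-encode the value,
// then HTML-escape the whole URL and the visible label.
function tableLink(string $table): string
{
    $url = 'main.php?table=' . rawurlencode($table); // main.php is a placeholder
    return '<a href="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '">'
         . htmlspecialchars($table, ENT_QUOTES, 'UTF-8') . '</a>';
}

$db = new SQLite3(':memory:');
$db->enableExceptions(true);

// The three table/column pairs from the report, plus one constructed
// name that itself contains both kinds of quote and a space.
$tables = ['table' => 'integer', 'int' => '%', '&' => '=', 'a"b\'c' => 'x y'];

foreach ($tables as $table => $column) {
    $db->exec('CREATE TABLE ' . quoteIdent($table)
            . ' (' . quoteIdent($column) . ' INTEGER)');
}

// The unquoted form from the comment ("DROP TABLE TABLE") is rejected.
try {
    $db->exec('DROP TABLE table');
} catch (Exception $e) {
    echo 'unquoted: ', $e->getMessage(), "\n";
}

// Every name round-trips once it is quoted, and the link stays well-formed.
foreach (array_keys($tables) as $table) {
    echo tableLink($table), "\n";
    $db->exec('DROP TABLE ' . quoteIdent($table));
}
echo 'tables left: ',
     $db->querySingle("SELECT count(*) FROM sqlite_master WHERE type = 'table'"), "\n";
```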