Update of /cvsroot/pymerase/pymerase/pymerase/output/dbAPI
In directory sc8-pr-cvs1:/tmp/cvs-serv27429
Modified Files:
dbAPI.py
Log Message:
Added code to escape " in quoted strings going to postgresql
Index: dbAPI.py
===================================================================
RCS file: /cvsroot/pymerase/pymerase/pymerase/output/dbAPI/dbAPI.py,v
retrieving revision 1.19
retrieving revision 1.20
diff -C2 -d -r1.19 -r1.20
*** dbAPI.py 18 Jan 2003 01:35:32 -0000 1.19
--- dbAPI.py 18 Mar 2003 02:49:42 -0000 1.20
***************
*** 55,58 ****
--- 55,63 ----
+ def sqlEscapeString(s):
+ """Given a string escape any double quote marks \"
+ """
+ return re.sub('"', '\"', s)
+
class Field:
"""Stores information about database fields.
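Review bot: `sqlEscapeString` returns its input unchanged, because in a Python string literal `'\"'` is the single character `"`, so `re.sub('"', '\"', s)` replaces each double quote with itself. PostgreSQL also does not use a backslash inside a double-quoted identifier; an embedded double quote is written by doubling it, so the body should be `return s.replace('"', '""')`. That also removes the dependency on `re`, whose import is not visible in this diff. The docstring should say that the helper is meant for identifiers placed inside double quotes, not for values.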
***************
*** 163,167 ****
keyValue = self.thisObject.fields[self.thisObject.getPrimaryKeyName()].value
! sql %= (self.otherEndModule.getTableName(), keyName, keyValue)
print "__loadObjects{%s}: %s -> %s" % (m, sql, self.otherEndModule.getClassName())
warn("__loadObjects{%s}: %s" % (m, sql), DebugWarning)
--- 168,175 ----
keyValue = self.thisObject.fields[self.thisObject.getPrimaryKeyName()].value
! tableName = sqlEscapeString(self.otherEndModule.getTableName())
! keyName = sqlEscapeString(keyName)
! keyValue = sqlEscapeString(keyValue)
! sql %= (tableName, keyName, keyValue)
print "__loadObjects{%s}: %s -> %s" % (m, sql, self.otherEndModule.getClassName())
warn("__loadObjects{%s}: %s" % (m, sql), DebugWarning)
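Review bot: `keyValue` is a value rather than an identifier, so passing it through `sqlEscapeString` does not make it safe to format into the statement, and `re.sub` raises `TypeError` if the primary key is an integer rather than a string. The same formatting of a value into the statement text with `%s` remains in the later hunks (`key_value`, `primary_key`, `self.id()`, `update_pairs`, `update_values`), none of which the helper covers. Values are better passed as the parameters argument of `cursor.execute()` in the driver's paramstyle, leaving only table and column names to be escaped and interpolated. The `sql` template and the rest of this method are outside the hunk, so the exact placeholder form has to be confirmed there.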
***************
*** 314,317 ****
--- 322,328 ----
# FIXME: how should I handle adding new objects to an object?
return None
+
+ from_table = sqlEscapeString(from_table)
+ key_name = sqlEscapeString(key_name)
sql = sql % (from_table, key_name, key_value)
***************
*** 449,453 ****
cursor = self.db_session.cursor()
select_sql = "SELECT * FROM \"%s\" WHERE \"%s\" = %s"
! select_sql %= (self.table_name, self.getPrimaryKeyName(), primary_key)
cursor.execute(select_sql)
# FIXME: what to do if this loads more than one record?
--- 460,467 ----
cursor = self.db_session.cursor()
select_sql = "SELECT * FROM \"%s\" WHERE \"%s\" = %s"
!
! table_name = sqlEscapeString(self.table_name)
! primary_key_name = sqlEscapeString(self.getPrimaryKeyName())
! select_sql %= (table_name, primary_key_name, primary_key)
cursor.execute(select_sql)
# FIXME: what to do if this loads more than one record?
***************
*** 499,503 ****
cursor = self.db_session.cursor()
# FIXME: this is a postgresql specific statement
! sql = "SELECT nextval('\"%s\"')" % (self.getPrimaryKeyName()+"_seq")
warn("getNextKey: %s" % (sql), DebugWarning)
cursor.execute(sql)
--- 513,517 ----
cursor = self.db_session.cursor()
# FIXME: this is a postgresql specific statement
! sql = "SELECT nextval('\"%s\"')" % (sqlEscapeString(self.getPrimaryKeyName()+"_seq"))
warn("getNextKey: %s" % (sql), DebugWarning)
cursor.execute(sql)
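Review bot: The sequence name sits inside a single-quoted string literal that itself contains a double-quoted identifier, so two quoting layers apply and `sqlEscapeString` addresses only the inner one. A single quote in the primary key name would end the literal early, so the name needs its single quotes doubled as well. Alternatively the whole quoted name can be passed as a bound parameter, e.g. `cursor.execute("SELECT nextval(%s)", (seq_name,))` if the driver uses the `format`/`pyformat` paramstyle. The driver is not visible in this diff, so that placeholder form is an assumption to confirm.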
***************
*** 559,565 ****
update_pairs = string.join(update_pairs_list, ', ')
sql = "UPDATE \"%s\" SET %s WHERE \"%s\" = %s"
! sql %=(self.table_name,
update_pairs,
! self.getPrimaryKeyName(),
self.id())
else:
--- 573,579 ----
update_pairs = string.join(update_pairs_list, ', ')
sql = "UPDATE \"%s\" SET %s WHERE \"%s\" = %s"
! sql %=(sqlEscapeString(self.table_name),
update_pairs,
! sqlEscapeString(self.getPrimaryKeyName()),
self.id())
else:
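Review bot: Only the table and primary-key names go through `sqlEscapeString` here; `update_pairs` (and `update_names` in the INSERT hunk that follows) is joined from lists built outside the hunk and is inserted as-is. If those lists hold column names wrapped in double quotes, they need the same identifier escaping at the point where each element is built, otherwise the statement is only partly covered by this change. A short comment above the `string.join` lines stating which escaping the list elements already carry would make that checkable.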
***************
*** 567,571 ****
update_values = string.join(update_values_list, ", ")
sql = "INSERT INTO \"%s\" (%s) VALUES (%s);"
! sql %= (self.table_name, update_names, update_values)
#execute the query
--- 581,585 ----
update_values = string.join(update_values_list, ", ")
sql = "INSERT INTO \"%s\" (%s) VALUES (%s);"
! sql %= (sqlEscapeString(self.table_name), update_names, update_values)
#execute the query
***************
*** 648,652 ****
# FIXME: Should this actually even be an option?
delete_sql = "DELETE FROM \"%s\" WHERE \"%s\" = %s"
! delete_sql %= (self.table_name, self.getPrimaryKeyName(), self.id())
try:
--- 662,668 ----
# FIXME: Should this actually even be an option?
delete_sql = "DELETE FROM \"%s\" WHERE \"%s\" = %s"
! delete_sql %= (sqlEscapeString(self.table_name),
! sqlEscapeString(self.getPrimaryKeyName()),
! self.id())
try: