~hime/aqua

3923e57b7f2c69ae2480a89d8b0f2676e1a6004e — Robbie Straw 7 years ago 28064dc
bare minimum sql string escaping
1 files changed, 6 insertions(+), 1 deletions(-)

M aqua-query/src/lib.rs
M aqua-query/src/lib.rs => aqua-query/src/lib.rs +6 -1
@@ 115,7 115,12 @@ fn visit_ast_node(node: AstNode) -> String {
fn entry_set(tag_name: &str) -> String {
    format!("SELECT entry_id FROM entries_tags
INNER JOIN tags ON tags.id = entries_tags.tag_id
WHERE tags.name = '{}'", tag_name)
WHERE tags.name = E'{}'", escape_tag(tag_name))
}

fn escape_tag(tag_name: &str) -> String{
    tag_name.replace("\\", "\\\\")
            .replace("'", "\\'")
}

fn add_tag(ctx: &mut Context, buf: &mut String) {
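Review bot: `escape_tag` still leaves `entry_set` building the query by string interpolation, and its `\'` escape for quotes is only accepted inside an `E'…'` literal when the server's `backslash_quote` setting permits it (the `E''` syntax suggests PostgreSQL; the driver is not visible in this hunk). Doubling the quote is the standard-conforming escape and does not depend on that setting: use `.replace("'", "''")` in place of `.replace("'", "\\'")`, keeping the backslash replacement first as it is now. The more robust fix is for `entry_set` to emit a placeholder (for example `$1`) and pass `tag_name` as a bind parameter, though that means changing `visit_ast_node` and its callers, which lie outside this hunk. A short doc comment on `escape_tag`, such as `/// Escapes a tag for use inside an E'...' literal only; not valid for plain '...' strings.`, would keep later callers from reusing it in the wrong context.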