archive
/
tasks
mirror of https://github.com/tasks/tasks
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Sanitize sqlite IN statements, use single quotes

Browse Source
pull/14/head
Sam Bosley 13 years ago
parent dd6a3fa98c
commit 01858ac016
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File

3
api/src/com/todoroo/andlib/data/Property.java
Unescape Escape View File

@ -13,6 +13,7 @@ import static com.todoroo.andlib.sql.SqlConstants.SPACE;
import com.todoroo.andlib.sql.Criterion;
import com.todoroo.andlib.sql.Field;
import com.todoroo.andlib.sql.Operator;
import com.todoroo.andlib.sql.UnaryCriterion;
/**
* Property represents a typed column in a database.
@ -176,7 +177,7 @@ public abstract class Property<TYPE> extends Field implements Cloneable {
protected void populate(StringBuilder sb) {
sb.append(field).append(SPACE).append(Operator.in).append(SPACE).append(LEFT_PARENTHESIS).append(SPACE);
for (String s : value) {
sb.append("\"").append(s.toString()).append("\"").append(COMMA);
sb.append("'").append(UnaryCriterion.sanitize(s)).append("'").append(COMMA);
}
sb.deleteCharAt(sb.length() - 1).append(RIGHT_PARENTHESIS);
}

Write Preview
Loading…
Cancel
Save