diff options
author | Ted Trask <ttrask01@yahoo.com> | 2010-04-09 15:20:46 +0000 |
---|---|---|
committer | Ted Trask <ttrask01@yahoo.com> | 2010-04-09 15:20:46 +0000 |
commit | 38b5920e8a6b8137209f23385b315f7cf614a9d3 (patch) | |
tree | 34858c05141d5c32f0cdd6ffdcc45f34cf12547a | |
parent | db3654f905328903fc2157baa0529eabd49997c6 (diff) | |
download | acf-did-38b5920e8a6b8137209f23385b315f7cf614a9d3.tar.bz2 acf-did-38b5920e8a6b8137209f23385b315f7cf614a9d3.tar.xz |
Fixed regular expressions in search.
-rw-r--r-- | did-model.lua | 17 |
1 files changed, 12 insertions, 5 deletions
diff --git a/did-model.lua b/did-model.lua index 0c2a343..c18e376 100644 --- a/did-model.lua +++ b/did-model.lua @@ -53,6 +53,12 @@ local escape = function(sql) return string.gsub(sql, "'", "''") end +-- Escape special characters in sql statement regular expressions +local escaperegex = function(sql) + sql = string.gsub(sql or "", "[%[%].*+?{()]", "\\\\%1") + return escape(sql) +end + -- List the postgres databases on this system local listdatabases = function() local dbs = {} @@ -180,24 +186,25 @@ local generatewhereclause = function(did, extension, identification, description local where = {} -- We're going to use regular expressions so can search for substrings if did and did ~= "" then - where[#where+1] = "definition.did ~ '.*"..escape(did)..".*'" + where[#where+1] = "definition.did ~ '"..escaperegex(did).."'" end if extension and extension ~= "" then - where[#where+1] = "extension ~ '.*"..escape(extension)..".*'" + where[#where+1] = "extension ~ '"..escaperegex(extension).."'" end if identification and identification ~= "" then - where[#where+1] = "identification ~ '.*"..escape(identification)..".*'" + where[#where+1] = "identification ~ '"..escaperegex(identification).."'" end -- For these two, specify case insensitive if description and description ~= "" then - where[#where+1] = "description ~* '.*"..escape(description)..".*'" + where[#where+1] = "description ~* '"..escaperegex(description).."'" end if department and department ~= "" then - where[#where+1] = "department ~* '.*"..escape(department)..".*'" + where[#where+1] = "department ~* '"..escaperegex(department).."'" end if #where > 0 then sql = " " .. (clause or "WHERE") .. " " .. table.concat(where, " AND ") end +APP.logevent(sql) return sql end |