authorTed Trask <ttrask01@yahoo.com>2012-01-03 16:30:30 +0000
committerTed Trask <ttrask01@yahoo.com>2012-01-03 16:30:30 +0000
commitec7b126eb263c8c95f345b52f566e39c8c6c6d4e (patch)
treea2effaa285ffc7fa65688bbaf5b03b35f7b8c0cd /provisioning-model.lua
parent4ab02f139a6fe853810dff94dab1ababb9ae730d (diff)
Fixed escape function to not escape \
Diffstat (limited to 'provisioning-model.lua')
-rw-r--r--provisioning-model.lua17
1 files changed, 6 insertions, 11 deletions
diff --git a/provisioning-model.lua b/provisioning-model.lua
index 7b1a0d5..3ea8a3b 100644
--- a/provisioning-model.lua
+++ b/provisioning-model.lua
@@ -32,10 +32,6 @@ local table_creation_scripts = require("provisioning/provisioning-scripts")
-- ################################################################################
-- LOCAL FUNCTIONS
-local function escape_quotes(str)
- return string.gsub(str or "", "'", "'\\''")
-end
-
local function assert (v, m)
if not v then
m = m or "Assertion failed!"
@@ -47,8 +43,7 @@ end
-- Escape special characters in sql statements
local escape = function(sql)
sql = sql or ""
- sql = string.gsub(sql, "'", "''")
- return string.gsub(sql, "\\", "\\\\")
+ return string.gsub(sql, "'", "''")
end
local createdatabase = function()
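Review bot: Doubling only `'` in `escape` is sufficient only when the server treats a backslash as an ordinary character inside string literals; the backend and its settings are not visible here, and on a server that honours backslash escapes a backslash placed before a quote could end the literal early. It would help to record that assumption on the function, e.g. `-- Doubles single quotes only; assumes backslash is not an escape character in string literals; result is safe only inside '...'`. If the database driver offers its own escaping routine or bound parameters, using that removes the dependency on server configuration. Separately, `return string.gsub(...)` also returns the substitution count as a second value; `return (string.gsub(sql, "'", "''"))` keeps it from leaking to callers that pass the result as a last argument.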
@@ -670,7 +665,7 @@ get_class = function(class_id)
end
end
-- Now, get the class-to-paramgroup mappings
- sql = "SELECT group_id FROM classes_to_param_groups WHERE class_id="..escape(class_id)
+ sql = "SELECT group_id FROM classes_to_param_groups WHERE class_id='"..escape(class_id).."'"
tmp = getselectresponse(sql)
for i,g in ipairs(tmp) do
groups[g.group_id] = true
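Review bot: `class_id` is still concatenated into the statement text, so this lookup is only as safe as `escape()` and the quotes now placed around it; the same pattern repeats for `group_id` in get_group and for `device_id` in get_device and dump_database. If these id columns are numeric (the schema is not shown here), rejecting any id for which `tonumber(class_id)` is nil before the query is built would be a stricter check than quoting. get_class begins and ends outside this hunk, so an earlier validation may already exist.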
@@ -868,7 +863,7 @@ get_group = function(group_id)
end
end
-- Now, get the paramgroup-to-param mappings
- sql = "SELECT * FROM param_groups_to_params WHERE group_id="..escape(group_id)
+ sql = "SELECT * FROM param_groups_to_params WHERE group_id='"..escape(group_id).."'"
tmp = getselectresponse(sql)
for i,p in ipairs(tmp) do
retval.params.value[#retval.params.value + 1] = p.param_id
@@ -1215,7 +1210,7 @@ get_device = function(device_id)
local connected = databaseconnect()
if device_id and device_id ~= "" then
-- Get the device-to-class mappings
- local sql = "SELECT class_id FROM devices_to_classes WHERE device_id="..escape(device_id)
+ local sql = "SELECT class_id FROM devices_to_classes WHERE device_id='"..escape(device_id).."'"
local tmp = getselectresponse(sql)
for i,g in ipairs(tmp) do
classes[g.class_id] = true
@@ -1839,12 +1834,12 @@ function dump_database(db)
sql = "SELECT device_id FROM devices_to_classes GROUP BY device_id ORDER BY device_id ASC"
devices = getselectresponse(sql)
for i,d in ipairs(devices) do
- sql = "SELECT label FROM devices_to_classes JOIN provisioning_classes USING(class_id) WHERE device_id="..escape(d.device_id)
+ sql = "SELECT label FROM devices_to_classes JOIN provisioning_classes USING(class_id) WHERE device_id='"..escape(d.device_id).."'"
tmp = getselectresponse(sql)
for j,t in ipairs(tmp) do
lines[#lines+1] = "INSERT INTO devices_to_classes VALUES("..i..", (SELECT class_id FROM provisioning_classes WHERE label='"..escape(t.label).."'));"
end
- sql = "SELECT group_name, p.name AS param, v.value FROM provisioning_values v JOIN provisioning_params p USING(param_id) WHERE device_id="..escape(d.device_id)
+ sql = "SELECT group_name, p.name AS param, v.value FROM provisioning_values v JOIN provisioning_params p USING(param_id) WHERE device_id='"..escape(d.device_id).."'"
tmp = getselectresponse(sql)
for j,t in ipairs(tmp) do
lines[#lines+1] = "INSERT INTO provisioning_values VALUES("..i..", '"..escape(t.group_name).."', (SELECT param_id FROM provisioning_params WHERE name='"..escape(t.param).."'), '"..t.value.."');"
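Review bot: `t.value` on the last line is concatenated into the generated `INSERT INTO provisioning_values` statement without `escape()`, unlike `t.group_name` and `t.param` beside it. A stored value containing a single quote would produce a dump that fails to load or executes as different SQL when restored. The tail of the line should read `'"..escape(t.value).."');"`. If `t.value` can be nil the current concatenation also raises an error; `escape()` avoids that through its `sql or ""` default, though it would then dump a NULL as an empty string. dump_database continues outside this hunk.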