sqlEscape для всех полей insert

git-svn-id: svn://192.168.3.15/activex/AVS/Sources/TeamlabOffice/trunk/nodeJSProjects@62332 954022d7-b5bf-4e40-9824-e11837661b57
Alexander.Trofimov
2015-04-28 13:51:32 +00:00
parent 4b157c5e39
commit b10ca8ce56


@ -58,7 +58,7 @@ exports.insertInTable = function (tableId, callbackFunction) {
var table = getTableById(tableId);
var sqlCommand = "INSERT INTO " + table + " VALUES (";
for (var i = 2, l = arguments.length; i < l; ++i) {
sqlCommand += "'" + arguments[i] + "'";
sqlCommand += baseConnector.sqlEscape(arguments[i]);
if (i !== l - 1)
sqlCommand += ",";
}
@ -85,9 +85,10 @@ function _insertChanges (startIndex, objChanges, docId, index, user) {
return;
for (; i < l; ++i, ++index) {
sqlNextRow = "('" + docId + "','" + index + "','" + user.id + "','" + user.idOriginal + "',"
+ baseConnector.sqlEscape(user.name) + ",'" + objChanges[i].change + "','"
+ _getDateTime(objChanges[i].time) + "')";
sqlNextRow = "(" + baseConnector.sqlEscape(docId) + "," + baseConnector.sqlEscape(index) + ","
+ baseConnector.sqlEscape(user.id) + "," + baseConnector.sqlEscape(user.idOriginal) + ","
+ baseConnector.sqlEscape(user.name) + "," + baseConnector.sqlEscape(objChanges[i].change) + ","
+ baseConnector.sqlEscape(_getDateTime(objChanges[i].time)) + ")";
lengthUtf8Row = _lengthInUtf8Bytes(sqlNextRow) + 1; // 1 - это на символ ',' или ';' в конце команды
if (i === startIndex) {
lengthUtf8Current = _lengthInUtf8Bytes(sqlCommand);
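Review bot: In both hunks the surrounding quote characters are dropped, which makes `baseConnector.sqlEscape` solely responsible for producing one complete, quoted SQL literal per value, and neither `insertInTable` nor `_insertChanges` documents or checks that contract. sqlEscape is defined outside this diff, so it is worth confirming how it renders non-string values (numbers such as `index`, null/undefined, arrays or objects): if any of them is not rendered as exactly one literal, that value no longer fills exactly one column of the VALUES list. I would add a comment above the loop in `insertInTable`, `// sqlEscape() must return one complete quoted literal per value; never wrap its result in quotes`, and, if the connector supports placeholders, pass the values as query parameters instead of concatenating them into the statement. Both function bodies continue outside the hunks.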