From 10252532eb7836a60e885505f88bca5fa31a306f Mon Sep 17 00:00:00 2001
From: Victor Kotlyar <Victor.Kotlyar@cern.ch>
Date: Mon, 24 Jun 2019 17:02:13 +0200
Subject: [PATCH] Use bindString in db connection getColumns for WHERE
 statements

---
 rdbms/wrapper/MysqlConn.cpp    | 5 +++--
 rdbms/wrapper/OcciConn.cpp     | 5 +++--
 rdbms/wrapper/PostgresConn.cpp | 5 +++--
 rdbms/wrapper/SqliteConn.cpp   | 5 +++--
 4 files changed, 12 insertions(+), 8 deletions(-)

diff --git a/rdbms/wrapper/MysqlConn.cpp b/rdbms/wrapper/MysqlConn.cpp
index 798b1cd0b5..188ecc28b5 100644
--- a/rdbms/wrapper/MysqlConn.cpp
+++ b/rdbms/wrapper/MysqlConn.cpp
@@ -208,16 +208,17 @@ void MysqlConn::rollback() {
 std::map<std::string, std::string> MysqlConn::getColumns(const std::string &tableName) {
  try {
     std::map<std::string, std::string> columnNamesAndTypes;
-    const std::string sql =
+    const char *const sql =
       "SELECT "
         "COLUMN_NAME, "
         "DATA_TYPE "
       "FROM "
         "INFORMATION_SCHEMA.COLUMNS "
       "WHERE "
-        "TABLE_NAME = '" + tableName +"'";
+        "TABLE_NAME = :TABLE_NAME";
 
     auto stmt = createStmt(sql);
+    stmt->bindString(":TABLE_NAME", tableName);
     auto rset = stmt->executeQuery();
     while (rset->next()) {
       auto name = rset->columnOptionalString("COLUMN_NAME");
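Review bot: The bound lookup still matches `TABLE_NAME` across every schema the connection can see, because the WHERE clause on the new side of the hunk does not restrict `TABLE_SCHEMA`; `INFORMATION_SCHEMA.COLUMNS` in MySQL is server-wide, so a same-named table in another database would merge its columns into the returned map. Suggest `"TABLE_NAME = :TABLE_NAME AND TABLE_SCHEMA = DATABASE()"` so the lookup is scoped to the current database while keeping the bound parameter. This hunk ends inside getColumns; the loop that fills columnNamesAndTypes continues past it. The same unscoped lookup is present in the PostgresConn hunk of this patch, where `AND TABLE_SCHEMA = current_schema()` is the equivalent filter.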
diff --git a/rdbms/wrapper/OcciConn.cpp b/rdbms/wrapper/OcciConn.cpp
index d896d6ba08..f21a20a60d 100644
--- a/rdbms/wrapper/OcciConn.cpp
+++ b/rdbms/wrapper/OcciConn.cpp
@@ -167,16 +167,17 @@ void OcciConn::rollback() {
 std::map<std::string, std::string> OcciConn::getColumns(const std::string &tableName) {
   try {
     std::map<std::string, std::string> columnNamesAndTypes;
-    const std::string sql =
+    const char *const sql =
       "SELECT "
         "COLUMN_NAME, "
         "DATA_TYPE "
       "FROM "
         "USER_TAB_COLUMNS "
       "WHERE "
-        "TABLE_NAME = '" + tableName +"'";
+        "TABLE_NAME = :TABLE_NAME";
 
     auto stmt = createStmt(sql);
+    stmt->bindString(":TABLE_NAME", tableName);
     auto rset = stmt->executeQuery();
     while (rset->next()) {
       auto name = rset->columnOptionalString("COLUMN_NAME");
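Review bot: The comparison against `USER_TAB_COLUMNS.TABLE_NAME` is now an exact match on the bound value, and Oracle stores unquoted table names in that view in upper case, so a caller passing a mixed- or lower-case name would presumably get an empty map rather than an error; the old concatenated form had the same behaviour but at least showed the literal in the SQL text. If callers are not guaranteed to pass upper-case names, `"TABLE_NAME = UPPER(:TABLE_NAME)"` normalises on the database side without touching the binding, mirroring the lower-casing the PostgresConn variant does with `utils::toLower`. getColumns continues past the end of this hunk.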
diff --git a/rdbms/wrapper/PostgresConn.cpp b/rdbms/wrapper/PostgresConn.cpp
index 7f49751179..e27ee6792f 100644
--- a/rdbms/wrapper/PostgresConn.cpp
+++ b/rdbms/wrapper/PostgresConn.cpp
@@ -205,16 +205,17 @@ std::map<std::string, std::string> PostgresConn::getColumns(const std::string &t
     std::map<std::string, std::string> columnNamesAndTypes;
     auto lowercaseTableName = tableName;
     utils::toLower(lowercaseTableName); // postgres work with lowercase
-    const std::string sql =
+    const char *const sql =
       "SELECT "
         "COLUMN_NAME, "
         "DATA_TYPE "
       "FROM "
         "INFORMATION_SCHEMA.COLUMNS "
       "WHERE "
-        "TABLE_NAME = '" + lowercaseTableName +"'";
+        "TABLE_NAME = :TABLE_NAME";
 
     auto stmt = createStmt(sql);
+    stmt->bindString(":TABLE_NAME", lowercaseTableName);
     auto rset = stmt->executeQuery();
     while (rset->next()) {
       auto name = rset->columnOptionalString("COLUMN_NAME");
diff --git a/rdbms/wrapper/SqliteConn.cpp b/rdbms/wrapper/SqliteConn.cpp
index 32e8cf3ae4..4a0a2eb63c 100644
--- a/rdbms/wrapper/SqliteConn.cpp
+++ b/rdbms/wrapper/SqliteConn.cpp
@@ -234,13 +234,13 @@ void SqliteConn::printSchema(std::ostream &os) {
 std::map<std::string, std::string> SqliteConn::getColumns(const std::string &tableName) {
   try {
     std::map<std::string, std::string> columnNamesAndTypes;
-    const std::string sql =
+    const char *const sql =
       "SELECT "
         "SQL AS SQL "
       "FROM "
         "SQLITE_MASTER "
       "WHERE "
-        "TBL_NAME = '" + tableName +"' "
+        "TBL_NAME = :TABLE_NAME "
       "AND "
       "TYPE = 'table';";
     const std::string columnTypes = 
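Review bot: `TBL_NAME = :TABLE_NAME` compares the bound value under SQLite's default BINARY collation, so the lookup is case-sensitive even though SQLite itself resolves table names case-insensitively; a table created as `Foo` and queried as `FOO` would yield no row and an empty map. If callers cannot be assumed to pass the name exactly as it was created, `"TBL_NAME = :TABLE_NAME COLLATE NOCASE "` keeps the bound parameter and matches SQLite's own name resolution. The `columnTypes` initialiser is cut at the last line of this hunk and getColumns continues in the next one.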
@@ -251,6 +251,7 @@ std::map<std::string, std::string> SqliteConn::getColumns(const std::string &tab
     "VARCHAR2";
     
     auto stmt = createStmt(sql);
+    stmt->bindString(":TABLE_NAME", tableName);
     auto rset = stmt->executeQuery();
     if (rset->next()) {
       auto tableSql = rset->columnOptionalString("SQL").value();     
-- 
GitLab