diff options
author | bamse16 <marius@marius.me.uk> | 2009-07-11 14:57:10 +0000 |
---|---|---|
committer | bamse16 <marius@marius.me.uk> | 2009-07-11 14:57:10 +0000 |
commit | 04e807c2ca899cabe57ee834eab4336b8e3dbb7a (patch) | |
tree | f8111a9e41b44c1bafcd53d6475c361273c915fa /Source/SPTableData.m | |
parent | 8b79c6ae1d19532932aace89d58bf9e0bc326029 (diff) | |
download | sequelpro-04e807c2ca899cabe57ee834eab4336b8e3dbb7a.tar.gz sequelpro-04e807c2ca899cabe57ee834eab4336b8e3dbb7a.tar.bz2 sequelpro-04e807c2ca899cabe57ee834eab4336b8e3dbb7a.zip |
Issue 333: Problems with single quotes in table name by escaping the single quotes in queries like SHOW TABLE STATUS LIKE 'I\'m';
Diffstat (limited to 'Source/SPTableData.m')
-rw-r--r-- | Source/SPTableData.m | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/Source/SPTableData.m b/Source/SPTableData.m index e348ac79..fee2e85e 100644 --- a/Source/SPTableData.m +++ b/Source/SPTableData.m @@ -715,7 +715,9 @@ } // Run the status query and retrieve as a dictionary. - CMMCPResult *tableStatusResult = [mySQLConnection queryString:[NSString stringWithFormat:@"SHOW TABLE STATUS LIKE '%@'", [tableListInstance tableName]]]; + NSMutableString *escapedTableName = [NSMutableString stringWithString:[tableListInstance tableName]]; + [escapedTableName replaceOccurrencesOfString:@"'" withString:@"\\\'" options:0 range:NSMakeRange(0, [escapedTableName length])]; + CMMCPResult *tableStatusResult = [mySQLConnection queryString:[NSString stringWithFormat:@"SHOW TABLE STATUS LIKE '%@'", escapedTableName ]]; // Check for any errors, only displaying them if the connection hasn't been terminated if (![[mySQLConnection getLastErrorMessage] isEqualToString:@""]) { |