

[Branch ~dhis2-devs-core/dhis2/trunk] Rev 1575: Applied sql encoding for names used in statements in dataanlysis

 

------------------------------------------------------------
revno: 1575
committer: Lars Helge Oeverland <larshelge@xxxxxxxxx>
branch nick: trunk
timestamp: Mon 2010-03-08 11:57:25 +0100
message:
  Applied SQL encoding for names used in statements in data analysis
modified:
  dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/dataanalysis/jdbc/JdbcDataAnalysisStore.java
  dhis-2/dhis-services/dhis-service-jdbc/src/main/java/org/hisp/dhis/jdbc/StatementBuilder.java
  dhis-2/dhis-services/dhis-service-jdbc/src/main/java/org/hisp/dhis/jdbc/statementbuilder/DerbyStatementBuilder.java
  dhis-2/dhis-services/dhis-service-jdbc/src/main/java/org/hisp/dhis/jdbc/statementbuilder/H2StatementBuilder.java
  dhis-2/dhis-services/dhis-service-jdbc/src/main/java/org/hisp/dhis/jdbc/statementbuilder/MySQLStatementBuilder.java
  dhis-2/dhis-services/dhis-service-jdbc/src/main/java/org/hisp/dhis/jdbc/statementbuilder/PostgreSQLStatementBuilder.java


--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk

=== modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/dataanalysis/jdbc/JdbcDataAnalysisStore.java'
--- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/dataanalysis/jdbc/JdbcDataAnalysisStore.java	2009-12-24 14:47:25 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/dataanalysis/jdbc/JdbcDataAnalysisStore.java	2010-03-08 10:57:25 +0000
@@ -109,8 +109,8 @@
             final String sql =
                 "SELECT dv.dataelementid, dv.periodid, dv.sourceid, dv.categoryoptioncomboid, dv.value, dv.storedby, dv.lastupdated, " +
                 "dv.comment, dv.followup, '" + lowerBound + "' AS minvalue, '" + upperBound + "' AS maxvalue, " +
-                "'" + dataElement.getName() + "' AS dataelementname, pt.name AS periodtypename, pe.startdate, pe.enddate, " + 
-                "'" + organisationUnit.getName() + "' AS sourcename, cc.categoryoptioncomboname " +
+                statementBuilder.encode( dataElement.getName() ) + " AS dataelementname, pt.name AS periodtypename, pe.startdate, pe.enddate, " + 
+                statementBuilder.encode( organisationUnit.getName() ) + " AS sourcename, cc.categoryoptioncomboname " +
                 "FROM datavalue AS dv " +
                 "JOIN period AS pe USING (periodid) " +
                 "JOIN periodtype AS pt USING (periodtypeid) " +
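Review bot: The names are now routed through `statementBuilder.encode`, but `lowerBound` and `upperBound` on the line just above are still spliced into the statement between hand-written quotes (`'" + lowerBound + "'`). Their types are not visible in this hunk; if they are strings they should go through `statementBuilder.encode( ... )` as well, and if they are numeric the manual quoting is harmless but inconsistent with the rest of the select list, so an explicit conversion such as `String.valueOf( lowerBound )` would make that intent clear. Longer term these literals are good candidates for `PreparedStatement` placeholders rather than escaping. The enclosing method and the SQL string start and end outside this hunk.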
@@ -153,8 +153,9 @@
                 "SELECT '" + dataElement.getId() + "' AS dataelementid, pe.periodid, " +
                 "'" + organisationUnit.getId() + "' AS sourceid, '" + categoryOptionCombo.getId() + "' AS categoryoptioncomboid, " +
                 "'' AS value, '' AS storedby, '1900-01-01' AS lastupdated, '' AS comment, false AS followup, '0' as minvalue, '100000' as maxvalue, " +
-                "'" + dataElement.getName() + "' AS dataelementname, pt.name AS periodtypename, pe.startdate, pe.enddate, " +
-                "'" + organisationUnit.getName() + "' AS sourcename, '" + categoryOptionCombo.getName() + "' as categoryoptioncomboname " +
+                statementBuilder.encode( dataElement.getName() ) + " AS dataelementname, pt.name AS periodtypename, pe.startdate, pe.enddate, " +
+                statementBuilder.encode( organisationUnit.getName() ) + " AS sourcename, " + 
+                statementBuilder.encode( categoryOptionCombo.getName() ) + " AS categoryoptioncomboname " + //TODO join?
                 "FROM period AS pe " +
                 "JOIN periodtype AS pt USING (periodtypeid) " +
                 "WHERE periodid IN (" + periodIds + ") " +
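Review bot: The `periodIds` value on the `WHERE periodid IN (` line is still concatenated raw, so the escaping added for the three names does not cover that part of the statement. How `periodIds` is built is not visible here; if it is a caller-supplied, pre-joined string, it should be produced inside this method from a typed collection (e.g. joining `Collection<Integer>` with `,`) or validated to contain only digits and commas before use. The `//TODO join?` on the `categoryoptioncomboname` line should say what is meant — presumably joining `categoryoptioncombo` instead of inlining the name — or be turned into a tracked issue. The SQL string continues past the end of this hunk.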

=== modified file 'dhis-2/dhis-services/dhis-service-jdbc/src/main/java/org/hisp/dhis/jdbc/StatementBuilder.java'
--- dhis-2/dhis-services/dhis-service-jdbc/src/main/java/org/hisp/dhis/jdbc/StatementBuilder.java	2010-02-24 12:17:43 +0000
+++ dhis-2/dhis-services/dhis-service-jdbc/src/main/java/org/hisp/dhis/jdbc/StatementBuilder.java	2010-03-08 10:57:25 +0000
@@ -35,6 +35,16 @@
  */
 public interface StatementBuilder
 {
+    final String QUOTE = "'";
+    
+    /**
+     * Encodes the provided SQL value.
+     * 
+     * @param value the value.
+     * @return the SQL encoded value.
+     */
+    String encode( String value );
+    
     /**
      * Returns the name of a double column type.
      * @return the name of a double column type.
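Review bot: The Javadoc on `encode` does not state the contract the callers now depend on: that the result is a complete single-quoted SQL string literal (quotes included, so the caller must not add its own), that quote characters inside the value are escaped in the dialect's own way, and what happens for `null` (the implementations in this commit produce the literal `'null'`, not SQL NULL). Suggested text: `Encodes the value as a quoted SQL string literal for this dialect, including the surrounding single quotes; embedded quotes are escaped. A null value yields the literal 'null'.` Also, `QUOTE` declared in an interface is implicitly `public static final` and becomes part of the API of every implementor; a `private static final` in each builder (or a shared abstract base) would keep it internal.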
@@ -93,7 +103,6 @@
     int getMaximumNumberOfColumns();
     
     /**
-     *  
      *  Drop Dataset foreign key for DataEntryForm table
      *  
      * @return

=== modified file 'dhis-2/dhis-services/dhis-service-jdbc/src/main/java/org/hisp/dhis/jdbc/statementbuilder/DerbyStatementBuilder.java'
--- dhis-2/dhis-services/dhis-service-jdbc/src/main/java/org/hisp/dhis/jdbc/statementbuilder/DerbyStatementBuilder.java	2010-02-24 12:17:43 +0000
+++ dhis-2/dhis-services/dhis-service-jdbc/src/main/java/org/hisp/dhis/jdbc/statementbuilder/DerbyStatementBuilder.java	2010-03-08 10:57:25 +0000
@@ -45,6 +45,17 @@
         return "DOUBLE";
     }
     
+    public String encode( String value )
+    {
+        if ( value != null )
+        {
+            value = value.endsWith( "\\" ) ? value.substring( 0, value.length() - 1 ) : value;
+            value = value.replaceAll( QUOTE, QUOTE + QUOTE );
+        }
+        
+        return QUOTE + value + QUOTE;
+    }
+    
     public String getPeriodIdentifierStatement( Period period )
     {
         return 
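Review bot: The `endsWith( "\\" )` line in `encode` silently drops the last character of any name ending in a backslash, and as far as I know Derby does not treat backslash as an escape in string literals, so the quote doubling on the next line is already the complete escape and the strip adds no protection; remove it. `replace( QUOTE, QUOTE + QUOTE )` is the right call here, since `replaceAll` takes a regex. A `null` value currently becomes the literal `'null'` rather than SQL NULL; either return `"NULL"` for null or document that behaviour on the interface.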

=== modified file 'dhis-2/dhis-services/dhis-service-jdbc/src/main/java/org/hisp/dhis/jdbc/statementbuilder/H2StatementBuilder.java'
--- dhis-2/dhis-services/dhis-service-jdbc/src/main/java/org/hisp/dhis/jdbc/statementbuilder/H2StatementBuilder.java	2010-02-24 12:17:43 +0000
+++ dhis-2/dhis-services/dhis-service-jdbc/src/main/java/org/hisp/dhis/jdbc/statementbuilder/H2StatementBuilder.java	2010-03-08 10:57:25 +0000
@@ -45,6 +45,17 @@
         return "DOUBLE";
     }
     
+    public String encode( String value )
+    {
+        if ( value != null )
+        {
+            value = value.endsWith( "\\" ) ? value.substring( 0, value.length() - 1 ) : value;
+            value = value.replaceAll( QUOTE, QUOTE + QUOTE );
+        }
+        
+        return QUOTE + value + QUOTE;
+    }
+    
     public String getPeriodIdentifierStatement( Period period )
     {
         return
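Review bot: Same remark as for the Derby builder: H2 escapes quotes by doubling them, so the `replaceAll( QUOTE, QUOTE + QUOTE )` line does the work, and the preceding `endsWith( "\\" )` line only truncates a name that happens to end in a backslash without improving safety; drop it and use `replace` instead of the regex-based `replaceAll`. `encode( null )` returns the literal `'null'`, which should be documented or mapped to `NULL`.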

=== modified file 'dhis-2/dhis-services/dhis-service-jdbc/src/main/java/org/hisp/dhis/jdbc/statementbuilder/MySQLStatementBuilder.java'
--- dhis-2/dhis-services/dhis-service-jdbc/src/main/java/org/hisp/dhis/jdbc/statementbuilder/MySQLStatementBuilder.java	2010-02-24 12:17:43 +0000
+++ dhis-2/dhis-services/dhis-service-jdbc/src/main/java/org/hisp/dhis/jdbc/statementbuilder/MySQLStatementBuilder.java	2010-03-08 10:57:25 +0000
@@ -44,6 +44,17 @@
     {
         return "DOUBLE";
     }
+
+    public String encode( String value )
+    {
+        if ( value != null )
+        {
+            value = value.endsWith( "\\" ) ? value.substring( 0, value.length() - 1 ) : value;
+            value = value.replaceAll( QUOTE, "\\\\" + QUOTE );
+        }
+        
+        return QUOTE + value + QUOTE;
+    }
     
     public String getPeriodIdentifierStatement( Period period )
     {
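Review bot: The escaping in `encode` can still be broken out of, because a backslash inside the value is not escaped: a name containing `\'` becomes `\\'` within the literal, where MySQL (in its default mode) reads `\\` as one literal backslash and the following quote terminates the string, so the rest of the name is executed as SQL; the `endsWith( "\\" )` line only handles a backslash in the final position. Escape backslashes first and then the quote: `value = value.replace( "\\", "\\\\" );` followed by `value = value.replace( QUOTE, QUOTE + QUOTE );`, which makes the `endsWith` line unnecessary (`replace` rather than the regex-based `replaceAll`). Doubling the quote is understood by MySQL regardless of `sql_mode`, whereas `\'` is not under NO_BACKSLASH_ESCAPES. `encode( null )` yields the literal `'null'`, not SQL NULL. Since these values are plain literals in a SELECT list, a `PreparedStatement` placeholder would avoid hand-rolled escaping altogether.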

=== modified file 'dhis-2/dhis-services/dhis-service-jdbc/src/main/java/org/hisp/dhis/jdbc/statementbuilder/PostgreSQLStatementBuilder.java'
--- dhis-2/dhis-services/dhis-service-jdbc/src/main/java/org/hisp/dhis/jdbc/statementbuilder/PostgreSQLStatementBuilder.java	2010-02-24 12:17:43 +0000
+++ dhis-2/dhis-services/dhis-service-jdbc/src/main/java/org/hisp/dhis/jdbc/statementbuilder/PostgreSQLStatementBuilder.java	2010-03-08 10:57:25 +0000
@@ -45,6 +45,17 @@
         return "DOUBLE PRECISION";
     }
     
+    public String encode( String value )
+    {
+        if ( value != null )
+        {
+            value = value.endsWith( "\\" ) ? value.substring( 0, value.length() - 1 ) : value;
+            value = value.replaceAll( QUOTE, "\\\\" + QUOTE );
+        }
+        
+        return QUOTE + value + QUOTE;
+    }
+    
     public String getPeriodIdentifierStatement( Period period )
     {
         return
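Review bot: The `\'` escaping in `encode` is bypassable in the same way as the MySQL builder — a value containing `\'` is emitted as `\\'`, which PostgreSQL reads as an escaped backslash followed by a string-terminating quote — and it additionally depends on the server's `standard_conforming_strings` setting: when that is on, backslash is not an escape at all and `\'` leaves the quote unescaped. Doubling the quote (`''`) is standard SQL and works in both modes, and backslashes can be handled deterministically with an `E'...'` literal, e.g. `return "E" + QUOTE + value.replace( "\\", "\\\\" ).replace( QUOTE, QUOTE + QUOTE ) + QUOTE;` after the null check (the `endsWith` line then goes away); `E''` literals require PostgreSQL 8.1 or later, which I assume is the supported floor. A `PreparedStatement` parameter would be the cleaner fix. `encode( null )` currently produces the literal `'null'` rather than SQL NULL.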