replace the use of StringUtil.quote(String) with StringUtil.JDBCescapeStringLiteral...

[mir.git] / source / mircoders / module / ModuleContent.java

diff --git a/source/mircoders/module/ModuleContent.java b/source/mircoders/module/ModuleContent.java
index 4f41b5c..dff406e 100755 (executable)
--- a/source/mircoders/module/ModuleContent.java
+++ b/source/mircoders/module/ModuleContent.java
@@ -49,11 +49,14 @@ import mircoders.storage.*;
 /*
  *  ContentObjekt -
  *
- * @version $Id: ModuleContent.java,v 1.7.4.3 2002/11/01 05:38:20 mh Exp $
+ * @version $Id: ModuleContent.java,v 1.7.4.4 2002/12/20 03:01:01 mh Exp $
  *
  * @author RK
  *
  * $Log: ModuleContent.java,v $
+ * Revision 1.7.4.4  2002/12/20 03:01:01  mh
+ * replace the use of StringUtil.quote(String) with StringUtil.JDBCescapeStringLiteral(String) to better escape single quotes and other JDBC stuff
+ *
  * Revision 1.7.4.3  2002/11/01 05:38:20  mh
  * Converted media Interface to use streams (Java IO) instead of byte buffers of
  * the entire uplaoded files. These saves loads of unecessary memory use. JAI
@@ -172,7 +175,7 @@ public class ModuleContent extends AbstractModule
        public EntityList getContentByField(String aField, String aValue, String orderBy, int offset,
                                EntityUsers user) throws ModuleException
        {
-               String whereClause = "lower("+aField + ") like lower('%" + StringUtil.quote(aValue) + "%')";
+               String whereClause = "lower("+aField + ") like lower('%" + StringUtil.JDBCescapeStringLiteral(aValue) + "%')";
                return getContent(whereClause, orderBy, offset, user);
        }