replace the use of StringUtil.quote(String) with StringUtil.JDBCescapeStringLiteral...
authormh <mh>
Fri, 20 Dec 2002 03:01:01 +0000 (03:01 +0000)
committermh <mh>
Fri, 20 Dec 2002 03:01:01 +0000 (03:01 +0000)
source/mir/storage/Database.java
source/mircoders/module/ModuleContent.java
source/mircoders/storage/DatabaseLinksImcs.java

index a571908..081a002 100755 (executable)
@@ -55,7 +55,7 @@ import  mir.misc.*;
  * Treiber, Host, User und Passwort, ueber den der Zugriff auf die
  * Datenbank erfolgt.
  *
- * @version $Revision: 1.21.2.3 $ $Date: 2002/12/10 09:05:07 $
+ * @version $Revision: 1.21.2.4 $ $Date: 2002/12/20 03:01:01 $
  * @author $Author: mh $
  *
  */
@@ -282,13 +282,9 @@ public class Database implements StorageObject {
                                                break;
                                        case java.sql.Types.CHAR:case java.sql.Types.VARCHAR:case java.sql.Types.LONGVARCHAR:
                                                outValue = rs.getString(valueIndex);
-                                               //if (outValue != null)
-                                                       //outValue = StringUtil.encodeHtml(StringUtil.unquote(outValue));
                                                break;
                                        case java.sql.Types.LONGVARBINARY:
                                                outValue = rs.getString(valueIndex);
-                                               //if (outValue != null)
-                                               //outValue = StringUtil.encodeHtml(StringUtil.unquote(outValue));
                                                break;
                                        case java.sql.Types.TIMESTAMP:
             // it's important to use Timestamp here as getting it
@@ -698,7 +694,7 @@ public class Database implements StorageObject {
                                                }
                                                else {
                                                        if (theEntity.hasValueForField(aField)) {
-                                                               aValue = "'" + StringUtil.quote((String)theEntity.getValue(aField))
+                                                               aValue = "'" + StringUtil.JDBCescapeStringLiteral((String)theEntity.getValue(aField))
                                                                                + "'";
                                                        }
                                                }
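Review bot: The field value is still spliced into the SQL text by concatenation on the changed `aValue = "'" + StringUtil.JDBCescapeStringLiteral(...) + "'"` line, so the protection is only as strong as the helper (not shown in this diff) and its agreement with the target database's literal syntax, which differs between backends (backslash handling, for instance). The durable fix is to emit a `?` placeholder here, keep the raw value in a parameter list, and bind it with `PreparedStatement.setString` where the statement is executed. If that is out of scope for this change, a comment on this line such as `// escaping only -- assumes JDBCescapeStringLiteral matches the driver's literal syntax; prefer a PreparedStatement parameter` would at least record the assumption. The enclosing insert method starts and ends outside this hunk.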
@@ -801,7 +797,7 @@ public class Database implements StorageObject {
                                        else {
                                                firstField = false;
                                        }
-                                       fv.append(aField).append("='").append(StringUtil.quote((String)theEntity.getValue(aField))).append("'");
+                                       fv.append(aField).append("='").append(StringUtil.JDBCescapeStringLiteral((String)theEntity.getValue(aField))).append("'");
                                }
                        }
                }
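Review bot: No `hasValueForField` guard is visible before `(String)theEntity.getValue(aField)` on the changed line, unlike the insert path, so whether an absent value becomes the literal `'null'` or a NullPointerException depends on how JDBCescapeStringLiteral treats a null argument, which this diff does not show. An explicit null check before the append, or a comment stating that the helper tolerates null, would make the contract visible at the call site. The guard may exist on lines above the hunk; the enclosing update method starts and ends outside it.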
index 4f41b5c..dff406e 100755 (executable)
@@ -49,11 +49,14 @@ import mircoders.storage.*;
 /*
  *  ContentObjekt -
  *
- * @version $Id: ModuleContent.java,v 1.7.4.3 2002/11/01 05:38:20 mh Exp $
+ * @version $Id: ModuleContent.java,v 1.7.4.4 2002/12/20 03:01:01 mh Exp $
  *
  * @author RK
  *
  * $Log: ModuleContent.java,v $
+ * Revision 1.7.4.4  2002/12/20 03:01:01  mh
+ * replace the use of StringUtil.quote(String) with StringUtil.JDBCescapeStringLiteral(String) to better escape single quotes and other JDBC stuff
+ *
  * Revision 1.7.4.3  2002/11/01 05:38:20  mh
  * Converted media Interface to use streams (Java IO) instead of byte buffers of
  * the entire uplaoded files. These saves loads of unecessary memory use. JAI
@@ -172,7 +175,7 @@ public class ModuleContent extends AbstractModule
        public EntityList getContentByField(String aField, String aValue, String orderBy, int offset,
                                EntityUsers user) throws ModuleException
        {
-               String whereClause = "lower("+aField + ") like lower('%" + StringUtil.quote(aValue) + "%')";
+               String whereClause = "lower("+aField + ") like lower('%" + StringUtil.JDBCescapeStringLiteral(aValue) + "%')";
                return getContent(whereClause, orderBy, offset, user);
        }
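Review bot: The escape helper covers quote characters in aValue but not the LIKE metacharacters `%` and `_`, so a caller-supplied value such as `%` on the changed whereClause line still matches every row, and aField is concatenated into the SQL unescaped, so if it can arrive from a request parameter it remains an injection point the commit does not close; whether it does is not visible here. Validate aField against the entity's known column names (or at minimum a pattern like `[A-Za-z_][A-Za-z0-9_]*`) before building the clause, and either escape `%`/`_` in aValue and add an `ESCAPE` clause or bind the pattern as a PreparedStatement parameter. getContentByField is complete within this hunk.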
 
index 7290782..0f7597c 100755 (executable)
@@ -114,9 +114,9 @@ public class DatabaseLinksImcs extends Database
                                                else {
                                                        if (theEntityValues.containsKey(aField)) {
                                                                if (aField.equals("to_parent_id")) {
-                                                                       aValue = StringUtil.quote((String)theEntityValues.get(aField));
+                                                                       aValue = StringUtil.JDBCescapeStringLiteral((String)theEntityValues.get(aField));
                                                                } else {
-                                                                       aValue = "'" + StringUtil.quote((String)theEntityValues.get(aField)) + "'";
+                                                                       aValue = "'" + StringUtil.JDBCescapeStringLiteral((String)theEntityValues.get(aField)) + "'";
                                                                }
                                                        }
                                                }
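Review bot: In the `to_parent_id` branch the value is written into the SQL without surrounding quotes, so quote-escaping it with JDBCescapeStringLiteral gives no protection: a value like `1 OR 1=1` contains nothing to escape and is emitted verbatim. An unquoted field is a numeric literal and should be validated as one, e.g. `aValue = String.valueOf(Integer.parseInt((String)theEntityValues.get(aField)));`, with the NumberFormatException mapped to whatever error this method already reports (its signature is outside the hunk). Whether theEntityValues can carry caller-supplied data is not visible here; the enclosing method starts and ends outside this hunk.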
@@ -192,9 +192,9 @@ public class DatabaseLinksImcs extends Database
                                                firstField = false;
                                        }
                                        if (aField.equals("to_parent_id")) {
-                                               fv.append(aField).append("=").append(StringUtil.quote((String)theEntityValues.get(aField)));
+                                               fv.append(aField).append("=").append(StringUtil.JDBCescapeStringLiteral((String)theEntityValues.get(aField)));
                                        } else {
-                                               fv.append(aField).append("='").append(StringUtil.quote((String)theEntityValues.get(aField))).append("'");
+                                               fv.append(aField).append("='").append(StringUtil.JDBCescapeStringLiteral((String)theEntityValues.get(aField))).append("'");
                                        }
                                }
                        }
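Review bot: The unquoted `to_parent_id` append on the changed `fv.append(aField).append("=")` line passes the value straight into the statement, and string-literal escaping does nothing for a value that sits outside quotes, so anything that is not a plain integer is executed as SQL. Parse it as a number before appending, e.g. `.append(Integer.parseInt((String)theEntityValues.get(aField)))`, so that only a numeric literal can reach the statement text. Whether the value can originate from an untrusted caller is not visible here; the enclosing update method starts and ends outside this hunk.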