summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Pointner <equinox@helsinki.at>2011-03-16 14:59:35 (GMT)
committerChristian Pointner <equinox@helsinki.at>2011-03-16 14:59:35 (GMT)
commit0ae418d89c3725ca72510467e8cfa55adefc8c6b (patch)
tree800274cf8db7ea373fc5d0a3d6f13ed7486c2440
parentd3960b443bd20216d096815db6e10e2b7f6c53b9 (diff)
sql string escaping at tempstorage
-rw-r--r--nopsyncd/rddb.lua2
-rw-r--r--nopsyncd/tempstorage.lua6
2 files changed, 5 insertions, 3 deletions
diff --git a/nopsyncd/rddb.lua b/nopsyncd/rddb.lua
index e7ed14e..56c73b7 100644
--- a/nopsyncd/rddb.lua
+++ b/nopsyncd/rddb.lua
@@ -32,7 +32,7 @@ function rddb:init()
end
-- TODO: read /etc/rd.conf for connection info
- self.con, err = self.env:connect("rivendell", "rivendellro", "lldrivenro", "127.0.0.1")
+ self.con, err = self.env:connect("rivendell", "rivendellro", "lldrivenro", "192.168.1.16")
if self.con == nil then
return nil, err
end
diff --git a/nopsyncd/tempstorage.lua b/nopsyncd/tempstorage.lua
index 37f3422..d40ee42 100644
--- a/nopsyncd/tempstorage.lua
+++ b/nopsyncd/tempstorage.lua
@@ -61,14 +61,16 @@ function tempstorage:getLastCart()
end
function tempstorage:insertMusic(timestamp, cart, len, title, artist, album)
+ timestamp = tonumber(timestamp)
cart = tonumber(cart)
+ len = tonumber(len)
if cart < 400000 or cart > 450000 then
poolnum = 0
else
poolnum = math.floor(cart/1000) - 399
end
- -- TODO escape "' in strings"
- local cur, err = self.con:execute("INSERT into now VALUES(" .. timestamp .. ", " .. cart .. ", " .. len .. ", 'Musikpool " .. poolnum .. "', '" .. title .. "', '" .. artist .."', '" .. album .. "', 1)")
+ -- usage of undocumented escape function...
+ local cur, err = self.con:execute("INSERT into now VALUES(" .. timestamp .. ", " .. cart .. ", " .. len .. ", 'Musikpool " .. poolnum .. "', '" .. self.con:escape(title) .. "', '" .. self.con:escape(artist) .."', '" .. self.con:escape(album) .. "', 1)")
if cur == nil then
return nil, err
end