diff options
| author | Christian Pointner <equinox@helsinki.at> | 2011-03-16 01:10:10 (GMT) |
|---|---|---|
| committer | Christian Pointner <equinox@helsinki.at> | 2011-03-16 01:10:10 (GMT) |
| commit | 74cce8f8317cacc9f07404236710e68f279b3773 (patch) | |
| tree | 57becd0d78033cf1027cb2022e9bf600dce4929e /nopsyncd/rddb.lua | |
| parent | fba23d62b11f361af19eae4cf545f946c17b97a5 (diff) | |
small refactoring
Diffstat (limited to 'nopsyncd/rddb.lua')
| -rw-r--r-- | nopsyncd/rddb.lua | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/nopsyncd/rddb.lua b/nopsyncd/rddb.lua index 1a16a4d..e7ed14e 100644 --- a/nopsyncd/rddb.lua +++ b/nopsyncd/rddb.lua @@ -41,8 +41,7 @@ function rddb:init() end function rddb:getCartInfo(cartnum) - -- TODO: SQL Injections!!! - local cur, err = self.con:execute("select TITLE,ARTIST,ALBUM from CART where NUMBER = " .. cartnum); + local cur, err = self.con:execute("select TITLE,ARTIST,ALBUM from CART where NUMBER = " .. self.con:escape(cartnum)); if cur == nil then return nil, err end @@ -55,6 +54,10 @@ function rddb:getCartInfo(cartnum) results, err = cur:fetch(results, "a") cur:close() + if results.TITLE == nil then results.TITLE = "" end + if results.ARTIST == nil then results.ARTIST = "" end + if results.ALBUM == nil then results.ALBUM = "" end + return results, err end |