Diffstat (limited to 'nopsyncd/rddb.lua')
-rw-r--r-- | nopsyncd/rddb.lua | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/nopsyncd/rddb.lua b/nopsyncd/rddb.lua
index 1a16a4d..e7ed14e 100644
--- a/nopsyncd/rddb.lua
+++ b/nopsyncd/rddb.lua
@@ -41,8 +41,7 @@ function rddb:init()
 end
 function rddb:getCartInfo(cartnum)
- -- TODO: SQL Injections!!!
- local cur, err = self.con:execute("select TITLE,ARTIST,ALBUM from CART where NUMBER = " .. cartnum);
+ local cur, err = self.con:execute("select TITLE,ARTIST,ALBUM from CART where NUMBER = " .. self.con:escape(cartnum));
 if cur == nil then
 return nil, err
 end
@@ -55,6 +54,10 @@ function rddb:getCartInfo(cartnum)
 results, err = cur:fetch(results, "a")
 cur:close()
+ if results.TITLE == nil then results.TITLE = "" end
+ if results.ARTIST == nil then results.ARTIST = "" end
+ if results.ALBUM == nil then results.ALBUM = "" end
+
 return results, err
 end
|
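Review bot: `self.con:escape(cartnum)` is concatenated into a numeric position with no surrounding quotes, so escaping alone does not constrain the value to a number. Assuming `self.con` is a LuaSQL connection, `escape()` only neutralises characters that would break out of a quoted string literal, and input without such characters still reaches the statement unchanged. Because NUMBER is compared as a number, validate before building the query: `local n = tonumber(cartnum)`, then `if n == nil or n % 1 ~= 0 then return nil, "invalid cart number" end`, and concatenate `string.format("%d", n)` instead of the raw argument. The commit removes the `-- TODO: SQL Injections!!!` marker, so a comment stating that cartnum is checked to be an integer would keep that claim accurate. The rest of getCartInfo lies outside this hunk.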
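Review bot: The three added defaults index `results` directly after `cur:fetch(results, "a")`, but a fetch that finds no row presumably returns nil (LuaSQL cursors do). A cart number with no CART record would then raise "attempt to index a nil value" instead of returning nil to the caller, which an unknown or mistyped cart number could trigger in the daemon. Add `if results == nil then return nil, err end` between `cur:close()` and the defaults. The declaration of `results` and the start of getCartInfo are outside this hunk, so this is inferred from the visible fetch call. A one-line comment saying the empty strings stand in for SQL NULL columns would also document why the defaults exist.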