Diffstat (limited to 'nopsyncd/rddb.lua')
-rw-r--r--nopsyncd/rddb.lua7
1 files changed, 5 insertions, 2 deletions
diff --git a/nopsyncd/rddb.lua b/nopsyncd/rddb.lua
index 1a16a4d..e7ed14e 100644
--- a/nopsyncd/rddb.lua
+++ b/nopsyncd/rddb.lua
@@ -41,8 +41,7 @@ function rddb:init()
end
function rddb:getCartInfo(cartnum)
- -- TODO: SQL Injections!!!
- local cur, err = self.con:execute("select TITLE,ARTIST,ALBUM from CART where NUMBER = " .. cartnum);
+ local cur, err = self.con:execute("select TITLE,ARTIST,ALBUM from CART where NUMBER = " .. self.con:escape(cartnum));
if cur == nil then
return nil, err
end
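Review bot: `self.con:escape(cartnum)` does not close the injection in getCartInfo, because the escaped value is still concatenated into an unquoted numeric position after `NUMBER = `. Assuming this is the LuaSQL connection `escape`, it only neutralises characters that matter inside a quoted string literal, so a non-numeric `cartnum` can still change the structure of the statement. Since the column is compared as a number, validate the type instead: `local num = tonumber(cartnum)` followed by `if num == nil then return nil, "invalid cart number" end`, then concatenate `num`. The removed `-- TODO: SQL Injections!!!` comment should stay until that check is in place. The body of getCartInfo continues outside this hunk.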
@@ -55,6 +54,10 @@ function rddb:getCartInfo(cartnum)
results, err = cur:fetch(results, "a")
cur:close()
+ if results.TITLE == nil then results.TITLE = "" end
+ if results.ARTIST == nil then results.ARTIST = "" end
+ if results.ALBUM == nil then results.ALBUM = "" end
+
return results, err
end
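Review bot: The three added defaults index `results` straight after `cur:fetch(results, "a")`, which presumably returns nil when the cart number matches no row (LuaSQL cursors do). In that case `results.TITLE` raises "attempt to index a nil value", where the function previously returned `nil, err`. Add a guard before the defaults, `if results == nil then return nil, err end`, so callers still get the nil-plus-error result for an unknown cart. The start of getCartInfo, including where `results` is declared, is outside this hunk, so it is worth confirming that it is a `local`.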