From db3e8fade6973ff9b091d78153a31ac775836051 Mon Sep 17 00:00:00 2001 From: Dimos Dimakakos Date: Wed, 18 May 2022 23:48:58 +0300 Subject: [PATCH 1/2] escape sql parameters in edit record --- tools/clog-db-admin.lisp | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/tools/clog-db-admin.lisp b/tools/clog-db-admin.lisp index 3d7f1e7..677f8cc 100644 --- a/tools/clog-db-admin.lisp +++ b/tools/clog-db-admin.lisp @@ -117,7 +117,8 @@ (when data (flet ((trim-last (s) (subseq s 0 (- (length s) 1)))) - (sqlite:execute-non-query + (apply + #'sqlite:execute-non-query (db-connection app) (format nil "update ~A set ~A where rowid=~A" @@ -127,12 +128,12 @@ (if (equalp "rowid" (first l)) "" - (format nil "~A='~A'," - (first l) - (second l)))) + (format nil "~A=?," + (first l)))) data))) - (cadar data)))) - (results-window app "select changes()" :title table))))) + (cadar data)) + (mapcar #'second data)))) + (results-window app "select changes()" :title table))))) (defun on-query-tables (obj) (let ((app (connection-data-item obj "app-data"))) From 2057059dee9a0d3dc8004cfbaba187f0c5c0e823 Mon Sep 17 00:00:00 2001 From: Dimos Dimakakos Date: Thu, 19 May 2022 02:18:38 +0300 Subject: [PATCH 2/2] remove spurious parenthesis I don't know how this parenthesis was inserted, since usually paredit-mode is quite strict but I guess it can happen. --- tools/clog-db-admin.lisp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/clog-db-admin.lisp b/tools/clog-db-admin.lisp index 677f8cc..568b314 100644 --- a/tools/clog-db-admin.lisp +++ b/tools/clog-db-admin.lisp @@ -133,7 +133,7 @@ data))) (cadar data)) (mapcar #'second data)))) - (results-window app "select changes()" :title table))))) + (results-window app "select changes()" :title table)))) (defun on-query-tables (obj) (let ((app (connection-data-item obj "app-data")))