escape sql parameters in edit record

2025-12-06 10:40:45 -08:00 · 2022-05-18 23:48:58 +03:00 · 2022-05-18 23:48:58 +03:00 · db3e8fade6
commit db3e8fade6
parent bf41f07abb
1 changed files with 7 additions and 6 deletions
--- a/tools/clog-db-admin.lisp
+++ b/tools/clog-db-admin.lisp
@ -117,7 +117,8 @@
 		 (when data
 		   (flet ((trim-last (s)
 			    (subseq s 0 (- (length s) 1))))
-		     (sqlite:execute-non-query
+                     (apply
+                      #'sqlite:execute-non-query
 		      (db-connection app)
 		      (format nil
 			      "update ~A set ~A where rowid=~A"
@ -127,11 +128,11 @@
 							   (if (equalp "rowid"
 								       (first l))
 							       ""
-							       (format nil "~A='~A',"
-								       (first l)
-								       (second l))))
+							       (format nil "~A=?,"
+								       (first l))))
 							 data)))
-			      (cadar data))))
+			      (cadar data))
+                      (mapcar #'second data))))
 		 (results-window app "select changes()" :title table)))))

 (defun on-query-tables (obj)