Commit 362909b8 authored by jan.koester's avatar jan.koester

sql escaped added

parent fb83a6b3
+1 −1
@@ -712,7 +712,7 @@ namespace blogi {
            blogi::SQL sql;
            blogi::DBResult res;

            sql << "SELECT title,descrition,id FROM content WHERE title @@ to_tsquery('" << word <<"') OR descrition @@ to_tsquery('" << word <<"')  OR text @@ to_tsquery('" << word <<"');";
            sql << "SELECT title,descrition,id FROM content WHERE title @@ to_tsquery('" << sql.escaped(buf,word) <<"') OR descrition @@ to_tsquery('" << sql.escaped(buf,word) <<"')  OR text @@ to_tsquery('" << sql.escaped(buf,word) <<"');";

            int count=Args->database[tid]->exec(&sql,res);
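Review bot: The statement is still built by concatenation, so its safety now rests entirely on `sql.escaped(buf,word)` producing output that is correct for the connection's encoding and quoting settings, and on `buf` being able to hold the escaped text. `buf` is not declared in the visible lines and the section is only +1 −1, so it is presumably an existing variable in the enclosing scope; its type and capacity should be confirmed, since escaping can make the text longer than the input. If the database layer offers bound parameters, passing `word` as a parameter (`to_tsquery($1)`) would remove the dependency on escaping altogether. The same applies to the `static_content` query in `blogi::StaticPage::Search`; the enclosing function here starts and ends outside the hunk.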

+1 −1
@@ -386,7 +386,7 @@ void blogi::StaticPage::Search(const int tid, const char* word, blogi::SearchRet
    blogi::SQL sql;
    blogi::DBResult res;

    sql << "SELECT id,url,meta,text FROM static_content WHERE text @@ to_tsquery('" << word <<"') OR meta @@ to_tsquery('" << word <<"');";
    sql << "SELECT id,url,meta,text FROM static_content WHERE text @@ to_tsquery('" << sql.escaped(buf,word) <<"') OR meta @@ to_tsquery('" << sql.escaped(buf,word) <<"');";

    int count=Args->database[tid]->exec(&sql,res);
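Review bot: Quote escaping does not stop `word` from being parsed as tsquery syntax, because `to_tsquery` expects operators between terms; a search phrase containing a space or a stray `&`, `|`, `!` or `:` makes the statement fail instead of returning results. For free-text input `plainto_tsquery('...')` treats the text as plain words and avoids that parse step. The `count` returned by `exec` on the last visible line should also be checked for the failure case, although how `exec` reports an error is not visible here. The `content` query in the first file section has the same issue, and the body of `Search` continues outside the hunk.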