qstrings can cause sql errors depending on contents

HamedMasafi / Nut

Advanced, Powerful and easy to use ORM for Qt

GNU Lesser General Public License v3.0

294 stars 75 forks source link

qstrings can cause sql errors depending on contents #37

Closed eyecreate closed 5 years ago

eyecreate commented 5 years ago

When a QString has a single quote in it, it breaks the sql statements because the raw commands use single quotes to contain content. There should be something handling this case, like escaping them.

ex:

Error executing sql command: near "s": syntax error Unable to execute statement; Command=UPDATE purchases SET humanname='Sid Meier's Civilization® III: Complete', type='storefront', intname='civilization3_complete_storefront', humbleid='' WHERE id=1

HamedMasafi commented 5 years ago

Thanks for bug report. I've written a library for this issue https://github.com/HamedMasafi/Serializer

I'm going to integrate it with Nut then nut can store any data type that supports by QMetaType including QPoint(F), QRect(F), QJsonDocument, QRegion and etc

HamedMasafi commented 5 years ago

This is fixed in dev branch. and will be merged with master branch ASAP