diff options
| author | Martin Fietz <Martin.Fietz@gmail.com> | 2016-01-02 13:22:26 +0100 |
|---|---|---|
| committer | Martin Fietz <Martin.Fietz@gmail.com> | 2016-01-02 13:22:26 +0100 |
| commit | 557b028c28b70c042ee582f25920b5af1b7a0f7d (patch) | |
| tree | 7109fd21a860c421ec22fe47545c3fb3e5feb312 | |
| parent | d18efcc3b178a6ae35344a90eed09b7b1ab51689 (diff) | |
| download | AntennaPod-557b028c28b70c042ee582f25920b5af1b7a0f7d.zip | |
Escape SQL query parameters, Reformat
| -rw-r--r-- | core/src/main/java/de/danoeh/antennapod/core/storage/PodDBAdapter.java | 36 |
1 files changed, 21 insertions, 15 deletions
diff --git a/core/src/main/java/de/danoeh/antennapod/core/storage/PodDBAdapter.java b/core/src/main/java/de/danoeh/antennapod/core/storage/PodDBAdapter.java index 87485a237..daff951df 100644 --- a/core/src/main/java/de/danoeh/antennapod/core/storage/PodDBAdapter.java +++ b/core/src/main/java/de/danoeh/antennapod/core/storage/PodDBAdapter.java @@ -1258,25 +1258,31 @@ public class PodDBAdapter { } public final Cursor getFeedItemCursor(final String podcastUrl, final String episodeUrl) { - final String query = "SELECT " + SEL_FI_SMALL_STR + " FROM " + TABLE_NAME_FEED_ITEMS - + " INNER JOIN " + - TABLE_NAME_FEEDS + " ON " + TABLE_NAME_FEED_ITEMS + "." + KEY_FEED + "=" + - TABLE_NAME_FEEDS + "." + KEY_ID + " WHERE " + TABLE_NAME_FEED_ITEMS + "." + KEY_ITEM_IDENTIFIER + "='" + - episodeUrl + "' AND " + TABLE_NAME_FEEDS + "." + KEY_DOWNLOAD_URL + "='" + podcastUrl + "'"; + String downloadUrl = DatabaseUtils.sqlEscapeString(podcastUrl); + String itemIdentifier = DatabaseUtils.sqlEscapeString(episodeUrl); + final String query = "" + + "SELECT " + SEL_FI_SMALL_STR + " FROM " + TABLE_NAME_FEED_ITEMS + + " INNER JOIN " + TABLE_NAME_FEEDS + + " ON " + TABLE_NAME_FEED_ITEMS + "." + KEY_FEED + "=" + TABLE_NAME_FEEDS + "." + KEY_ID + + " WHERE " + TABLE_NAME_FEED_ITEMS + "." + KEY_ITEM_IDENTIFIER + "='" + itemIdentifier + "'" + + " AND " + TABLE_NAME_FEEDS + "." + KEY_DOWNLOAD_URL + "='" + downloadUrl + "'"; return db.rawQuery(query, null); } public Cursor getImageAuthenticationCursor(final String imageUrl) { - final String query = "SELECT " + KEY_USERNAME + "," + KEY_PASSWORD + " FROM " - + TABLE_NAME_FEED_IMAGES + " INNER JOIN " + TABLE_NAME_FEEDS + " ON " + - TABLE_NAME_FEED_IMAGES + "." + KEY_ID + "=" + TABLE_NAME_FEEDS + "." + KEY_IMAGE + " WHERE " - + TABLE_NAME_FEED_IMAGES + "." + KEY_DOWNLOAD_URL + "='" + imageUrl + "' UNION SELECT " - + KEY_USERNAME + "," + KEY_PASSWORD + " FROM " + TABLE_NAME_FEED_IMAGES + " INNER JOIN " - + TABLE_NAME_FEED_ITEMS + " ON " + TABLE_NAME_FEED_IMAGES + "." + KEY_ID + "=" + - TABLE_NAME_FEED_ITEMS + "." + KEY_IMAGE + " INNER JOIN " + TABLE_NAME_FEEDS + " ON " - + TABLE_NAME_FEED_ITEMS + "." + KEY_FEED + "=" + TABLE_NAME_FEEDS + "." + KEY_ID + " WHERE " - + TABLE_NAME_FEED_IMAGES + "." + KEY_DOWNLOAD_URL + "='" + imageUrl + "'"; - Log.d(TAG, "Query: " + query); + String downloadUrl = DatabaseUtils.sqlEscapeString(imageUrl); + final String query = "" + + "SELECT " + KEY_USERNAME + "," + KEY_PASSWORD + " FROM " + TABLE_NAME_FEED_IMAGES + + " INNER JOIN " + TABLE_NAME_FEEDS + + " ON " + TABLE_NAME_FEED_IMAGES + "." + KEY_ID + "=" + TABLE_NAME_FEEDS + "." + KEY_IMAGE + + " WHERE " + TABLE_NAME_FEED_IMAGES + "." + KEY_DOWNLOAD_URL + "='" + downloadUrl + "'" + + " UNION SELECT " + KEY_USERNAME + "," + KEY_PASSWORD + + " FROM " + TABLE_NAME_FEED_IMAGES + + " INNER JOIN " + TABLE_NAME_FEED_ITEMS + + " ON " + TABLE_NAME_FEED_IMAGES + "." + KEY_ID + "=" + TABLE_NAME_FEED_ITEMS + "." + KEY_IMAGE + + " INNER JOIN " + TABLE_NAME_FEEDS + + " ON " + TABLE_NAME_FEED_ITEMS + "." + KEY_FEED + "=" + TABLE_NAME_FEEDS + "." + KEY_ID + + " WHERE " + TABLE_NAME_FEED_IMAGES + "." + KEY_DOWNLOAD_URL + "='" + downloadUrl + "'"; return db.rawQuery(query, null); } |