updated api json parsing (lenient mode); add escaping table names in rdbms

2022-10-25 10:47:06 -05:00
parent dae803f709
commit 8ffc1c1a63
8 changed files with 120 additions and 45 deletions


@ -401,4 +401,14 @@ public abstract class AbstractRDBMSAction implements QActionInterface
}
}
/*******************************************************************************
**
*******************************************************************************/
protected String escapeIdentifier(String id)
{
return ("`" + id + "`");
}
}
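Review bot: escapeIdentifier wraps `id` in backticks without handling a backtick inside `id` itself, so a name containing that character would close the quoted identifier early and the remainder would be parsed as SQL. Doubling embedded backticks before wrapping closes that gap, for example by using `id.replace("`", "``")` inside the return expression. Backtick quoting is MySQL syntax and this helper lives in AbstractRDBMSAction, so other backends would presumably need to override it (ANSI SQL quotes identifiers with double quotes). The empty comment banner above the method is the place to state that, with a summary such as `Quote a table or column name for use as an SQL identifier (MySQL backtick style).` If getTableName can return a schema-qualified name, quoting the whole string as one identifier would change its meaning; getTableName is outside this hunk, so that needs confirming.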


@ -57,7 +57,7 @@ public class RDBMSCountAction extends AbstractRDBMSAction implements CountInterf
QTableMetaData table = countInput.getTable();
String tableName = getTableName(table);
String sql = "SELECT count(*) as record_count FROM " + tableName;
String sql = "SELECT count(*) as record_count FROM " + escapeIdentifier(tableName);
QQueryFilter filter = countInput.getFilter();
List<Serializable> params = new ArrayList<>();


@ -186,7 +186,7 @@ public class RDBMSDeleteAction extends AbstractRDBMSAction implements DeleteInte
// todo sql customization - can edit sql and/or param list?
String sql = "DELETE FROM "
+ tableName
+ escapeIdentifier(tableName)
+ " WHERE "
+ primaryKeyName + " = ?";
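Review bot: Only the table name is quoted in this DELETE; `primaryKeyName` is still concatenated raw into the WHERE clause, so a column name that is a reserved word or contains unusual characters gets none of the protection the table name now has. The same applies to `columns` in the INSERT, SELECT and UPDATE hunks and to the `getColumnName(...)` call in the UPDATE WHERE clause. If those names come from the same table metadata, passing them through the same helper keeps the treatment uniform, e.g. `+ escapeIdentifier(primaryKeyName) + " = ?";`. Where primaryKeyName is assigned is outside this hunk, so its origin should be confirmed before relying on it being safe.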


@ -109,7 +109,7 @@ public class RDBMSInsertAction extends AbstractRDBMSAction implements InsertInte
{
for(List<QRecord> page : CollectionUtils.getPages(insertInput.getRecords(), QueryManager.PAGE_SIZE))
{
String tableName = getTableName(table);
String tableName = escapeIdentifier(getTableName(table));
StringBuilder sql = new StringBuilder("INSERT INTO ").append(tableName).append("(").append(columns).append(") VALUES");
List<Object> params = new ArrayList<>();
int recordIndex = 0;
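Review bot: Here `tableName` is assigned the already-quoted value, whereas the count, delete and query hunks keep the raw name in `tableName` and quote it at the point of concatenation; the update hunk does the same as this one. Any later use of `tableName` in this loop that falls outside the hunk (logging, a metadata lookup) would now see the backticks. Keeping the variable raw and writing `.append(escapeIdentifier(tableName))` would match the other actions, or the variable could be renamed to something like `escapedTableName` so the quoting is visible at each use.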


@ -72,7 +72,7 @@ public class RDBMSQueryAction extends AbstractRDBMSAction implements QueryInterf
.map(this::getColumnName)
.collect(Collectors.joining(", "));
String sql = "SELECT " + columns + " FROM " + tableName;
String sql = "SELECT " + columns + " FROM " + escapeIdentifier(tableName);
QQueryFilter filter = queryInput.getFilter();
List<Serializable> params = new ArrayList<>();


@ -223,7 +223,7 @@ public class RDBMSUpdateAction extends AbstractRDBMSAction implements UpdateInte
.map(f -> this.getColumnName(table.getField(f)) + " = ?")
.collect(Collectors.joining(", "));
String tableName = getTableName(table);
String tableName = escapeIdentifier(getTableName(table));
return ("UPDATE " + tableName
+ " SET " + columns
+ " WHERE " + getColumnName(table.getField(table.getPrimaryKeyField())) + " ");