Castopod/AntennaPod
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Escape SQL query parameters, Reformat

Browse Source
This commit is contained in:
Martin Fietz 2016-01-02 13:22:26 +01:00
parent d18efcc3b1
commit 557b028c28
1 changed files with 21 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
core/src/main/java/de/danoeh/antennapod/core/storage/PodDBAdapter.java
View File

@ -1258,25 +1258,31 @@ public class PodDBAdapter {
} }
public final Cursor getFeedItemCursor(final String podcastUrl, final String episodeUrl) { public final Cursor getFeedItemCursor(final String podcastUrl, final String episodeUrl) {
final String query = "SELECT " + SEL_FI_SMALL_STR + " FROM " + TABLE_NAME_FEED_ITEMS String downloadUrl = DatabaseUtils.sqlEscapeString(podcastUrl);
+ " INNER JOIN " + String itemIdentifier = DatabaseUtils.sqlEscapeString(episodeUrl);
TABLE_NAME_FEEDS + " ON " + TABLE_NAME_FEED_ITEMS + "." + KEY_FEED + "=" + final String query = ""
TABLE_NAME_FEEDS + "." + KEY_ID + " WHERE " + TABLE_NAME_FEED_ITEMS + "." + KEY_ITEM_IDENTIFIER + "='" + + "SELECT " + SEL_FI_SMALL_STR + " FROM " + TABLE_NAME_FEED_ITEMS
episodeUrl + "' AND " + TABLE_NAME_FEEDS + "." + KEY_DOWNLOAD_URL + "='" + podcastUrl + "'"; + " INNER JOIN " + TABLE_NAME_FEEDS
+ " ON " + TABLE_NAME_FEED_ITEMS + "." + KEY_FEED + "=" + TABLE_NAME_FEEDS + "." + KEY_ID
+ " WHERE " + TABLE_NAME_FEED_ITEMS + "." + KEY_ITEM_IDENTIFIER + "='" + itemIdentifier + "'"
+ " AND " + TABLE_NAME_FEEDS + "." + KEY_DOWNLOAD_URL + "='" + downloadUrl + "'";
return db.rawQuery(query, null); return db.rawQuery(query, null);
} }
public Cursor getImageAuthenticationCursor(final String imageUrl) { public Cursor getImageAuthenticationCursor(final String imageUrl) {
final String query = "SELECT " + KEY_USERNAME + "," + KEY_PASSWORD + " FROM " String downloadUrl = DatabaseUtils.sqlEscapeString(imageUrl);
+ TABLE_NAME_FEED_IMAGES + " INNER JOIN " + TABLE_NAME_FEEDS + " ON " + final String query = ""
TABLE_NAME_FEED_IMAGES + "." + KEY_ID + "=" + TABLE_NAME_FEEDS + "." + KEY_IMAGE + " WHERE " + "SELECT " + KEY_USERNAME + "," + KEY_PASSWORD + " FROM " + TABLE_NAME_FEED_IMAGES
+ TABLE_NAME_FEED_IMAGES + "." + KEY_DOWNLOAD_URL + "='" + imageUrl + "' UNION SELECT " + " INNER JOIN " + TABLE_NAME_FEEDS
+ KEY_USERNAME + "," + KEY_PASSWORD + " FROM " + TABLE_NAME_FEED_IMAGES + " INNER JOIN " + " ON " + TABLE_NAME_FEED_IMAGES + "." + KEY_ID + "=" + TABLE_NAME_FEEDS + "." + KEY_IMAGE
+ TABLE_NAME_FEED_ITEMS + " ON " + TABLE_NAME_FEED_IMAGES + "." + KEY_ID + "=" + + " WHERE " + TABLE_NAME_FEED_IMAGES + "." + KEY_DOWNLOAD_URL + "='" + downloadUrl + "'"
TABLE_NAME_FEED_ITEMS + "." + KEY_IMAGE + " INNER JOIN " + TABLE_NAME_FEEDS + " ON " + " UNION SELECT " + KEY_USERNAME + "," + KEY_PASSWORD
+ TABLE_NAME_FEED_ITEMS + "." + KEY_FEED + "=" + TABLE_NAME_FEEDS + "." + KEY_ID + " WHERE " + " FROM " + TABLE_NAME_FEED_IMAGES
+ TABLE_NAME_FEED_IMAGES + "." + KEY_DOWNLOAD_URL + "='" + imageUrl + "'"; + " INNER JOIN " + TABLE_NAME_FEED_ITEMS
Log.d(TAG, "Query: " + query); + " ON " + TABLE_NAME_FEED_IMAGES + "." + KEY_ID + "=" + TABLE_NAME_FEED_ITEMS + "." + KEY_IMAGE
+ " INNER JOIN " + TABLE_NAME_FEEDS
+ " ON " + TABLE_NAME_FEED_ITEMS + "." + KEY_FEED + "=" + TABLE_NAME_FEEDS + "." + KEY_ID
+ " WHERE " + TABLE_NAME_FEED_IMAGES + "." + KEY_DOWNLOAD_URL + "='" + downloadUrl + "'";
return db.rawQuery(query, null); return db.rawQuery(query, null);
} }