Revision 2501
Added by Aaron Marcuse-Kubitza over 12 years ago
lib/sql.py | ||
---|---|---|
100 | 100 |
|
101 | 101 |
##### Input validation |
102 | 102 |
|
103 |
def clean_name(name): return name.replace('"', '') |
|
103 |
def clean_name(name): return name.replace('"', '').replace('`', '')
|
|
104 | 104 |
|
105 | 105 |
def check_name(name): |
106 | 106 |
if re.search(r'\W', name) != None: raise NameException('Name "'+name |
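Review bot: The changed clean_name() at line 103 extends a denylist of identifier quote characters ('"' and now '`'), so every further delimiter needs another .replace() call, and silently dropping characters means two different input names can collapse into the same cleaned name. Consider rejecting such names outright, as check_name() just below does for anything matching \W, or escaping the delimiter when the identifier is quoted instead of stripping it. A one-line comment stating which engine each stripped character belongs to ('`' for MySQL, per the commit message) would document the intent. As a style point on the check_name() context line, `is not None` is the idiomatic comparison rather than `!= None`.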
sql.py: clean_name(): Also remove '`' (which is used by MySQL)