Revision 644
Added by Aaron Marcuse-Kubitza almost 13 years ago
lib/sql.py | ||
---|---|---|
84 | 84 |
map(check_name, conds.keys()) |
85 | 85 |
def cond(entry): |
86 | 86 |
col, value = entry |
87 |
cond_ = col+' '
|
|
87 |
cond_ = esc_name(db, col)+' '
|
|
88 | 88 |
if value == None: cond_ += 'IS' |
89 | 89 |
else: cond_ += '=' |
90 | 90 |
cond_ += ' %s' |
91 | 91 |
return cond_ |
92 |
query = 'SELECT '+', '.join(fields)+' FROM '+table |
|
92 |
query = ('SELECT ' + ', '.join([esc_name(db, field) for field in fields]) |
|
93 |
+ ' FROM '+esc_name(db, table)) |
|
93 | 94 |
if conds != {}: |
94 | 95 |
query += ' WHERE '+' AND '.join(map(cond, conds.iteritems())) |
95 | 96 |
if limit != None: query += ' LIMIT '+str(limit) |
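Review bot: The LIMIT clause on the last line of the section is still built by string concatenation with `str(limit)`, so the identifier escaping this commit adds for fields, table and condition columns does not extend to it; if limit can ever arrive as a string from outside, `str()` passes it through unchanged into the query text. Coerce it before concatenating, `if limit != None: query += ' LIMIT '+str(int(limit))`, or bind it as a parameter alongside the condition values that the `' %s'` placeholders appear to be for. It is also worth confirming that every entry of `fields` is a plain identifier: applying `esc_name` to a `*` or an expression would presumably quote it as a single column name. With `esc_name` now applied to the condition columns, the earlier `map(check_name, conds.keys())` pass may be redundant or may still be the intended validation step; a short comment stating which would help. The enclosing function starts and ends outside the section.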
sql.py: Use esc_name() to escape fields in SELECT statements