Revision 644
Added by Aaron Marcuse-Kubitza almost 13 years ago
| sql.py | ||
|---|---|---|
| 84 | 84 |
map(check_name, conds.keys()) |
| 85 | 85 |
def cond(entry): |
| 86 | 86 |
col, value = entry |
| 87 |
cond_ = col+' '
|
|
| 87 |
cond_ = esc_name(db, col)+' '
|
|
| 88 | 88 |
if value == None: cond_ += 'IS' |
| 89 | 89 |
else: cond_ += '=' |
| 90 | 90 |
cond_ += ' %s' |
| 91 | 91 |
return cond_ |
| 92 |
query = 'SELECT '+', '.join(fields)+' FROM '+table |
|
| 92 |
query = ('SELECT ' + ', '.join([esc_name(db, field) for field in fields])
|
|
| 93 |
+ ' FROM '+esc_name(db, table)) |
|
| 93 | 94 |
if conds != {}:
|
| 94 | 95 |
query += ' WHERE '+' AND '.join(map(cond, conds.iteritems())) |
| 95 | 96 |
if limit != None: query += ' LIMIT '+str(limit) |
Also available in: Unified diff
sql.py: Use esc_name() to escape fields in SELECT statements