Escape percent signs in raw SQL

Signed-off-by: Etzelia <etzelia@hotmail.com>
develop
Etzelia 2019-08-16 12:26:39 -05:00
parent 6b8617fe02
commit a1731ce47f
No known key found for this signature in database
GPG Key ID: 3CAEB74806C4ADE5
2 changed files with 3 additions and 3 deletions


@ -30,7 +30,7 @@ def activity_results(form):
if form.players: if form.players:
for player in form.players.split(","): for player in form.players.split(","):
players.append(player.strip()) players.append(player.strip())
players_clause = " WHERE ({}) ".format(" OR ".join(["player LIKE '%{}%'".format(p) for p in players])) players_clause = " WHERE ({}) ".format(" OR ".join(["player LIKE '%%{}%%'".format(p) for p in players]))
query = '''SELECT query = '''SELECT
0 AS id, cs.time AS unix, cu.user AS player, cs.action 0 AS id, cs.time AS unix, cu.user AS player, cs.action
FROM co_session cs FROM co_session cs
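Review bot: The `players_clause` in `activity_results` still puts each name from `form.players` straight into the SQL text with `.format(p)`, so a name containing a single quote changes the structure of the query; doubling the percent signs does not address that. The `%%` escaping suggests the query is run through a %-style parameterised call, so the names can be bound instead: build the clause with `" OR ".join(["player LIKE %s"] * len(players))` and pass `["%{}%".format(p) for p in players]` as the query parameters. The same construction appears in the `players_clause` of `gui_results` in gui.py. The function body continues past the hunk, so the call that executes the query is not visible here and the parameter-passing side needs to be checked there.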

4
gui.py

@ -94,7 +94,7 @@ def gui_data(request):
def gui_results(form): def gui_results(form):
queries = [] queries = []
ignore_environment = " AND player NOT LIKE '#%' " if form.ignore_environment else "" ignore_environment = " AND player NOT LIKE '#%%' " if form.ignore_environment else ""
oldest_first = " ASC " if form.oldest_first else " DESC " oldest_first = " ASC " if form.oldest_first else " DESC "
coords = [] coords = []
@ -112,7 +112,7 @@ def gui_results(form):
if form.players: if form.players:
for player in form.players.split(","): for player in form.players.split(","):
players.append(player.strip()) players.append(player.strip())
players_clause = " AND ({})".format(" OR ".join(["player LIKE '%{}%'".format(p) for p in players])) players_clause = " AND ({})".format(" OR ".join(["player LIKE '%%{}%%'".format(p) for p in players]))
worlds_clause = "" worlds_clause = ""
worlds = [world["id"] for world in form.worlds if world["checked"]] worlds = [world["id"] for world in form.worlds if world["checked"]]