HattrickOrganizer

[FEATURE] Replace DBManager's EscapeSequences methods

Open wsbrenk opened this issue 3 years ago • 5 comments

I think the existing insert- and deleteEscapeSequences are error-prone.

For example, they will deliver wrong results if the original strings contained '#' or '§' characters.

To get rid of escaping, the use of prepared statements should be considered.

wsbrenk avatar Jul 22 '22 11:07 wsbrenk

@tychobrailleur what are your thoughts concerning this?

wsbrenk avatar Jul 22 '22 11:07 wsbrenk

#1592 found these escapes here. Maybe they are the reason for that issue!?

wsbrenk avatar Jul 22 '22 11:07 wsbrenk

Yes, I would agree prepared statements are preferable, safer and clearer. I think it would be a lot of work to convert all SQL statements into prepared statements, though?

tychobrailleur avatar Jul 24 '22 08:07 tychobrailleur

@tychobrailleur Work is in progress. The crucial thing is how to migrate all the strings in the database with escaped characters. Up to now I have no good idea concerning this. I fear this will become a very long-running migration.

wsbrenk avatar Jul 24 '22 10:07 wsbrenk
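An added illustration of the two points raised above (not HattrickOrganizer code): sentinel-character escaping corrupts strings that already contain the sentinels, and the stored values become ambiguous, which is what makes the migration hard. The mapping of quotes to '§' and '#', the `note` table, and the use of Python's `sqlite3` as the database are assumptions made for the example.

```python
import sqlite3

# Assumed sentinel scheme (hypothetical stand-in, not DBManager's real mapping):
# quote characters are swapped for '§' and '#' before concatenation into SQL.
ESCAPES = {"'": "§", '"': "#"}

def insert_escape_sequences(s):
    for raw, sentinel in ESCAPES.items():
        s = s.replace(raw, sentinel)
    return s

def delete_escape_sequences(s):
    for raw, sentinel in ESCAPES.items():
        s = s.replace(sentinel, raw)
    return s

def roundtrip_escaped(conn, value):
    """Store via string concatenation plus escaping, then read back and unescape."""
    conn.execute("DELETE FROM note")
    conn.execute("INSERT INTO note (body) VALUES ('"
                 + insert_escape_sequences(value) + "')")
    (stored,) = conn.execute("SELECT body FROM note").fetchone()
    return delete_escape_sequences(stored)

def roundtrip_prepared(conn, value):
    """Store via a bound parameter: the value never becomes part of the SQL text."""
    conn.execute("DELETE FROM note")
    conn.execute("INSERT INTO note (body) VALUES (?)", (value,))
    (stored,) = conn.execute("SELECT body FROM note").fetchone()
    return stored

def compare(values):
    """Return (value, escaped_roundtrip_ok, prepared_roundtrip_ok) per input."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE note (body TEXT)")
    return [(v, roundtrip_escaped(conn, v) == v, roundtrip_prepared(conn, v) == v)
            for v in values]

# Constructed sample strings: two contain quotes, two contain the sentinels.
SAMPLES = ["O'Brien", "Team #1", "§ 5 rule", 'say "hi"']

if __name__ == "__main__":
    for value, escaped_ok, prepared_ok in compare(SAMPLES):
        print(f"{value!r}: escaped={escaped_ok} prepared={prepared_ok}")
    # Two different originals produce the same stored text, so a migration
    # cannot tell from the stored '#' which character was originally meant.
    print(insert_escape_sequences('a"b') == insert_escape_sequences("a#b"))
```

The strings containing '#' or '§' come back altered through the escaping path and intact through the bound parameter; the final comparison shows why rows already written with the escaping scheme cannot be unescaped unambiguously.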

image

wsbrenk avatar Jul 27 '22 21:07 wsbrenk