Escape find string in PgSQL core groups plugin

bullet-2.82
Justin Clark-Casey (justincc) 2014-05-15 22:45:01 +01:00
parent d32d25634d
commit 6dc1b113d0
2 changed files with 26 additions and 4 deletions

View File

@ -300,7 +300,6 @@ namespace OpenSim.Data.PGSQL
m_Realm, where);
cmd.Connection = conn;
cmd.CommandText = query;
//m_log.WarnFormat("[PGSQLGenericTable]: SELECT {0} WHERE {1}", m_Realm, where);
conn.Open();
@ -308,6 +307,25 @@ namespace OpenSim.Data.PGSQL
}
}
public virtual T[] Get(string where, NpgsqlParameter parameter)
{
using (NpgsqlConnection conn = new NpgsqlConnection(m_ConnectionString))
using (NpgsqlCommand cmd = new NpgsqlCommand())
{
string query = String.Format("SELECT * FROM {0} WHERE {1}",
m_Realm, where);
cmd.Connection = conn;
cmd.CommandText = query;
//m_log.WarnFormat("[PGSQLGenericTable]: SELECT {0} WHERE {1}", m_Realm, where);
cmd.Parameters.Add(parameter);
conn.Open();
return DoQuery(cmd);
}
}
public virtual bool Store(T row)
{
List<string> constraintFields = GetConstraints();

View File

@ -83,11 +83,15 @@ namespace OpenSim.Data.PGSQL
public GroupData[] RetrieveGroups(string pattern)
{
if (string.IsNullOrEmpty(pattern)) // True for where clause
{
pattern = " true ORDER BY lower(\"Name\") LIMIT 100";
return m_Groups.Get(pattern);
}
else
pattern = string.Format(" lower(\"Name\") LIKE lower('%{0}%') ORDER BY lower(\"Name\") LIMIT 100", pattern);
return m_Groups.Get(pattern);
{
pattern = string.Format(" lower(\"Name\") LIKE lower('%:pattern%') ORDER BY lower(\"Name\") LIMIT 100");
return m_Groups.Get(pattern, new NpgsqlParameter("pattern", pattern));
}
}
public bool DeleteGroup(UUID groupID)