author | David Athay <ko2fan@gmail.com> | 2009-07-10 10:05:47 +0100 |
---|---|---|
committer | David Athay <ko2fan@gmail.com> | 2009-07-10 10:05:47 +0100 |
commit | ea21b3bf96d116964398273f1b096f61462b35dd (patch) | |
tree | 02ace9e83bdd3051855f9578831d29350f2d5336 /src/dal/dataprovider.h | |
parent | e0884d0ac3dae67e2599c687d26823600f8c81b7 (diff) | |
Changed database to use prepared statements, to stop SQL injection attacks
Diffstat (limited to 'src/dal/dataprovider.h')
-rw-r--r-- | src/dal/dataprovider.h | 35 |
1 files changed, 30 insertions, 5 deletions
diff --git a/src/dal/dataprovider.h b/src/dal/dataprovider.h
index f9509492..65de8ee5 100644
--- a/src/dal/dataprovider.h
+++ b/src/dal/dataprovider.h
@@ -178,12 +178,37 @@ class DataProvider
         getLastId(void) const = 0;
 
         /**
-         * Takes a SQL snippet and escapes special caharacters like ' to prevent
-         * SQL injection attacks.
-         *
-         * @param sql SQL Snippet to escape.
+         * Prepare SQL statement
+         */
+        virtual bool prepareSql(const std::string &sql) = 0;
+
+        /**
+         * Process SQL statement
+         * SQL statement needs to be prepared and parameters binded before
+         * calling this function
+         */
+        virtual const RecordSet& processSql() = 0;
+
+        /**
+         * Bind String
+         * @param place - which parameter to bind to
+         * @param value - the string to bind
+         */
+        virtual void bindString(int place, const std::string &value) = 0;
+
+        /**
+         * Bind Integer
+         * @param place - which parameter to bind to
+         * @param value - the integer to bind
+         */
+        virtual void bindInteger(int place, int value) = 0;
+
+        /**
+         * Bind Float
+         * @param place - which parameter to bind to
+         * @param value - the float to bind
          */
-        std::string& escapeSQL(std::string &sql);
+        virtual void bindFloat(int place, float value) = 0;
 
     protected:
         std::string mDbName; /**< the database name */ |
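Review bot: The three new bind declarations leave the `place` contract undefined: the comments do not say whether placeholder indices are 0- or 1-based, and because `bindString`/`bindInteger`/`bindFloat` return `void`, an out-of-range index or a type mismatch has no way to reach the caller, so a backend that silently ignores the bind would then run `processSql()` with a stale or unset parameter. The `prepareSql` comment should also state the property this commit relies on, e.g. `@param sql a fixed statement text using ? placeholders; never build it from request data - pass values through the bind* methods`, and the `processSql` comment should say that implementations must fail (rather than execute) when no statement was successfully prepared or not every placeholder was bound, and that the `bool` from `prepareSql` must be checked. Minor wording: `parameters binded` should read `parameters bound`. The enclosing `class DataProvider` starts and ends outside the hunk, so whether a `finalize`/reset counterpart exists for the prepared statement cannot be seen here; if there is none, the ownership of the statement between consecutive `prepareSql` calls should be documented too.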