Use parameters in all SQL statements

Fixes #89
hnicke · Jun 21, 2018 · 57dbe0a · 57dbe0a
1 parent 7fc13b2
commit 57dbe0a
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 4 deletions.
diff --git a/changelog.md b/changelog.md
@@ -1,11 +1,15 @@
 # Changelog
 
+## v0.13.3: June 21, 2018
+##### Bugfixes
+- Instead of crashing, fail gracefully when yanking current path on systems without clipboard
+- Fix handling of entries which contain special characters
+
 ## v0.13.2: June 20, 2018
 ##### Features
 - Install documentation to general doc directory
 ##### Bugfixes
 - Explicitly specify v3.6 as python version
-- Instead of crashing, fail gracefully when yanking current path on systems without clipboard
 
 ## v0.13.1: June 20, 2018
 ##### Bugfixes

diff --git a/sodalite/core/dao.py b/sodalite/core/dao.py
@@ -143,12 +143,14 @@ def insert_new_entries(entries_fs: Dict[str, Entry], entries_db: Dict[str, Entry
     for entry in reassigned_old_entries:
         update_entry(entry)
     query = f"INSERT INTO {TABLE_ENTRY} VALUES "
+    parameters = []
     for entry in new_entries.values():
-        query += "('{}','{}'),".format(entry.path, entry.key.value)
+        query += "(?,?),"
+        parameters += [entry.path, entry.key.value]
     query = query[:-1] + ';'
     conn = open_connection()
     try:
-        conn.cursor().execute(query)
+        conn.cursor().execute(query, (*parameters,))
         conn.commit()
     except sqlite3.IntegrityError:
         logger.error("Integrity error. failed to insert at least one of " + str(new_paths))

diff --git a/sodalite/main.py b/sodalite/main.py
@@ -10,7 +10,7 @@
 
 logger = logging.getLogger(__name__)
 
-VERSION = 'sodalite v0.13.2'
+VERSION = 'sodalite v0.13.3'
 
 def _io_to_tty():
     global _old_stdin