don't append strings directly into statements

RESOLVED FIXED

13 years ago
9 years ago

People

(Reporter: bryner, Assigned: bryner)


(Assignee)

Description

13 years ago
brettw points out that constructing statements by concatenating strings (which correspond to column values) is a bad idea, because you have to make sure the string is properly quoted.  It's better to just use parameters in the statement.
(Assignee)

Comment 1

13 years ago
Created attachment 204645
patch

I only found two places where this was happening (one of them was already being quoted, but I changed it to a statement for consistency).
Attachment #204645 - Flags: review?(brettw)

Comment 2

13 years ago
Comment on attachment 204645
patch

>Index: nsNavBookmarks.cpp
>===================================================================
>+  {
>+    nsCOMPtr<mozIStorageStatement> statement;
>+    rv = dbConn->CreateStatement(NS_LITERAL_CSTRING("INSERT INTO moz_bookmarks_containers (name) VALUES (?1)"),
>+                                 getter_AddRefs(statement));
>+    NS_ENSURE_SUCCESS(rv, rv);
>+
>+    rv = statement->Execute();
>+    NS_ENSURE_SUCCESS(rv, rv);
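
Review bot: statement->Execute() is called right after CreateStatement() with nothing bound to the ?1 placeholder in the INSERT, so the container name is never passed to the statement. Bind the name to ?1 and check that call with NS_ENSURE_SUCCESS before Execute().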

You forgot to bind the name!

r=me with this fixed.
Attachment #204645 - Flags: review?(brettw) → review+
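
The difference the description and the review comment above are about, as an added example that is not part of the bug or its patch. It uses Python's built-in sqlite3 module instead of mozStorage; the helper functions and sample names are constructed, and only the table name comes from the quoted patch.

```python
import sqlite3

TABLE = "moz_bookmarks_containers"  # table name from the quoted patch


def new_db():
    db = sqlite3.connect(":memory:")
    db.execute(f"CREATE TABLE {TABLE} (id INTEGER PRIMARY KEY, name TEXT)")
    return db


def insert_concatenated(db, name):
    # The pattern the bug removes: the column value becomes part of the SQL text,
    # so correctness depends on quoting the value properly.
    db.execute(f"INSERT INTO {TABLE} (name) VALUES ('" + name + "')")


def insert_bound(db, name):
    # The fix: the SQL text is constant and the value travels as a parameter.
    db.execute(f"INSERT INTO {TABLE} (name) VALUES (?)", (name,))


def insert_unbound(db, name):
    # The slip caught in review: placeholder present, value never bound.
    # Python refuses to run this; SQLite's C API treats an unbound parameter
    # as NULL, so there the mistake would not raise an error.
    db.execute(f"INSERT INTO {TABLE} (name) VALUES (?)")


def try_insert(insert, name):
    """Run one insert on a fresh database; return stored names or the error type."""
    db = new_db()
    try:
        insert(db, name)
    except sqlite3.Error as exc:
        return type(exc).__name__
    rows = db.execute(f"SELECT name FROM {TABLE} ORDER BY id")
    return [row[0] for row in rows]


# Constructed sample values: plain, containing a quote, and shaped like SQL syntax.
SAMPLES = ["Toolbar", "Brett's folder", "a'), ('b"]

if __name__ == "__main__":
    for name in SAMPLES:
        print(repr(name), try_insert(insert_concatenated, name), try_insert(insert_bound, name))
    print("unbound:", try_insert(insert_unbound, "Toolbar"))
```

With concatenation, the second sample fails to parse and the third is stored as two rows; with a bound parameter, every sample is stored verbatim as one row.
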
(Assignee)

Comment 3

13 years ago
checked in
Status: NEW → RESOLVED
Last Resolved: 13 years ago
Resolution: --- → FIXED
*** Bug 318434 has been marked as a duplicate of this bug. ***
Bug 451915 - move Firefox/Places bugs to Firefox/Bookmarks and History. Remove all bugspam from this move by filtering for the string "places-to-b-and-h".

In Thunderbird 3.0b, you do that as follows:
Tools | Message Filters
Make sure the correct account is selected. Click "New"
Conditions: Body   contains   places-to-b-and-h
Change the action to "Delete Message".
Select "Manually Run" from the dropdown at the top.
Click OK.

Select the filter in the list, make sure "Inbox" is selected at the bottom, and click "Run Now". This should delete all the bugspam. You can then delete the filter.

Gerv
Component: Places → Bookmarks & History
QA Contact: places → bookmarks