Closed Bug 318490 Opened 19 years ago Closed 19 years ago

don't append strings directly into statements

Categories

(Firefox :: Bookmarks & History, defect)

defect
Not set
normal

Tracking

()

RESOLVED FIXED

People

(Reporter: bryner, Assigned: bryner)

References

Details

Attachments

(1 file)

brettw points out that constructing statements by concatenating strings (which correspond to column values) is a bad idea, because you have to make sure the string is properly quoted.  It's better to just use parameters in the statement.
Attached patch patchSplinter Review
I only found two places where this was happening (one of them was already being quoted, but I changed it to a statement for consistency).
Attachment #204645 - Flags: review?(brettw)
Comment on attachment 204645 [details] [diff] [review]
patch

>Index: nsNavBookmarks.cpp
>===================================================================
>+  {
>+    nsCOMPtr<mozIStorageStatement> statement;
>+    rv = dbConn->CreateStatement(NS_LITERAL_CSTRING("INSERT INTO moz_bookmarks_containers (name) VALUES (?1)"),
>+                                 getter_AddRefs(statement));
>+    NS_ENSURE_SUCCESS(rv, rv);
>+
>+    rv = statement->Execute();
>+    NS_ENSURE_SUCCESS(rv, rv);

You forgot to bind the name!

r=me with this fixed.
Attachment #204645 - Flags: review?(brettw) → review+
checked in
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
*** Bug 318434 has been marked as a duplicate of this bug. ***
Bug 451915 - move Firefox/Places bugs to Firefox/Bookmarks and History. Remove all bugspam from this move by filtering for the string "places-to-b-and-h".

In Thunderbird 3.0b, you do that as follows:
Tools | Message Filters
Make sure the correct account is selected. Click "New"
Conditions: Body   contains   places-to-b-and-h
Change the action to "Delete Message".
Select "Manually Run" from the dropdown at the top.
Click OK.

Select the filter in the list, make sure "Inbox" is selected at the bottom, and click "Run Now". This should delete all the bugspam. You can then delete the filter.

Gerv
Component: Places → Bookmarks & History
QA Contact: places → bookmarks
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: