Fixes: U4-5566 Quite a few hard coded queries with incorrect escape syntax for mysql
@@ -290,7 +290,7 @@ namespace Umbraco.Core.Persistence.Repositories
|
|||||||
|
|
||||||
if (withGrouping)
|
if (withGrouping)
|
||||||
{
|
{
|
||||||
sql = sql.Select("cmsTags.Id, cmsTags.Tag, cmsTags.[Group], Count(*) NodeCount");
|
sql = sql.Select("cmsTags.Id, cmsTags.Tag, cmsTags." + SqlSyntaxContext.SqlSyntaxProvider.GetQuotedColumnName("Group") + @", Count(*) NodeCount");
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
@@ -320,7 +320,7 @@ namespace Umbraco.Core.Persistence.Repositories
|
|||||||
|
|
||||||
private Sql ApplyGroupByToTagsQuery(Sql sql)
|
private Sql ApplyGroupByToTagsQuery(Sql sql)
|
||||||
{
|
{
|
||||||
return sql.GroupBy(new string[] { "cmsTags.Id", "cmsTags.Tag", "cmsTags.[Group]" });
|
return sql.GroupBy(new string[] { "cmsTags.Id", "cmsTags.Tag", "cmsTags." + SqlSyntaxContext.SqlSyntaxProvider.GetQuotedColumnName("Group") + @"" });
|
||||||
}
|
}
|
||||||
|
|
||||||
private IEnumerable<ITag> ExecuteTagsQuery(Sql sql)
|
private IEnumerable<ITag> ExecuteTagsQuery(Sql sql)
|
||||||
@@ -443,7 +443,7 @@ namespace Umbraco.Core.Persistence.Repositories
|
|||||||
" AND tagId IN ",
|
" AND tagId IN ",
|
||||||
"(SELECT id FROM cmsTags INNER JOIN ",
|
"(SELECT id FROM cmsTags INNER JOIN ",
|
||||||
tagSetSql,
|
tagSetSql,
|
||||||
" ON (TagSet.Tag = cmsTags.Tag and TagSet.[Group] = cmsTags.[Group]))");
|
" ON (TagSet.Tag = cmsTags.Tag and TagSet." + SqlSyntaxContext.SqlSyntaxProvider.GetQuotedColumnName("Group") + @" = cmsTags." + SqlSyntaxContext.SqlSyntaxProvider.GetQuotedColumnName("Group") + @"))");
|
||||||
|
|
||||||
Database.Execute(deleteSql);
|
Database.Execute(deleteSql);
|
||||||
}
|
}
|
||||||
@@ -491,7 +491,7 @@ namespace Umbraco.Core.Persistence.Repositories
|
|||||||
{
|
{
|
||||||
var array = tagsToInsert
|
var array = tagsToInsert
|
||||||
.Select(tag =>
|
.Select(tag =>
|
||||||
string.Format("select '{0}' as Tag, '{1}' as [Group]",
|
string.Format("select '{0}' as Tag, '{1}' as " + SqlSyntaxContext.SqlSyntaxProvider.GetQuotedColumnName("Group") + @"",
|
||||||
PetaPocoExtensions.EscapeAtSymbols(tag.Text.Replace("'", "''")), tag.Group))
|
PetaPocoExtensions.EscapeAtSymbols(tag.Text.Replace("'", "''")), tag.Group))
|
||||||
.ToArray();
|
.ToArray();
|
||||||
return "(" + string.Join(" union ", array).Replace(" ", " ") + ") as TagSet";
|
return "(" + string.Join(" union ", array).Replace(" ", " ") + ") as TagSet";
|
||||||
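Review bot: `tag.Group` is still formatted straight into a quoted SQL literal in the `string.Format` call of the -491 hunk, while only `tag.Text` gets `Replace("'", "''")`, so a group value containing a quote changes the statement. The same pattern appears in `GetSqlSet` in the legacy Tags class (hunk -366), where `group` is inlined unescaped and `tag` only has its quotes stripped. Because this commit makes these statements run on MySQL, note that MySQL treats backslash as an escape character inside string literals unless `NO_BACKSLASH_ESCAPES` is set, so quote doubling alone is not a safe encoding there. I would pass tag text and group as query parameters instead of literals; as a stop-gap, give the group the same escaping as the text, `PetaPocoExtensions.EscapeAtSymbols(tag.Group.Replace("'", "''"))`. The enclosing method starts outside the hunk, so the parameterised form has to be worked out against its callers.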
|
|||||||
@@ -5,6 +5,7 @@ using System.Web;
|
|||||||
using System.Web.Script.Serialization;
|
using System.Web.Script.Serialization;
|
||||||
using System.Web.Services;
|
using System.Web.Services;
|
||||||
using Umbraco.Core.Logging;
|
using Umbraco.Core.Logging;
|
||||||
|
using Umbraco.Core.Persistence.SqlSyntax;
|
||||||
using umbraco.DataLayer;
|
using umbraco.DataLayer;
|
||||||
using umbraco.BusinessLogic;
|
using umbraco.BusinessLogic;
|
||||||
using umbraco.presentation.webservices;
|
using umbraco.presentation.webservices;
|
||||||
@@ -45,7 +46,7 @@ namespace umbraco.presentation.umbraco.webservices
|
|||||||
if (!String.IsNullOrEmpty(group) && !String.IsNullOrEmpty(id))
|
if (!String.IsNullOrEmpty(group) && !String.IsNullOrEmpty(id))
|
||||||
{
|
{
|
||||||
sql = @"SELECT TOP (20) tag FROM cmsTags WHERE tag LIKE @prefix AND cmsTags.id not in
|
sql = @"SELECT TOP (20) tag FROM cmsTags WHERE tag LIKE @prefix AND cmsTags.id not in
|
||||||
(SELECT tagID FROM cmsTagRelationShip WHERE NodeId = @nodeId) AND cmstags.[group] = @group;";
|
(SELECT tagID FROM cmsTagRelationShip WHERE NodeId = @nodeId) AND cmstags." + SqlSyntaxContext.SqlSyntaxProvider.GetQuotedColumnName("group") + " = @group;";
|
||||||
|
|
||||||
rr = SqlHelper.ExecuteReader(sql,
|
rr = SqlHelper.ExecuteReader(sql,
|
||||||
SqlHelper.CreateParameter("@count", count),
|
SqlHelper.CreateParameter("@count", count),
|
||||||
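Review bot: `SELECT TOP (20)` in the -45 hunk is SQL Server syntax, so MySQL will still reject this statement after the `[group]` quoting is fixed; MySQL expresses the limit as a trailing `LIMIT 20`. The row limit needs to be built per provider, in the same way the column quoting now is. The statement also spells the tables as `cmsTags`, `cmstags` and `cmsTagRelationShip`; on MySQL servers where table names are case-sensitive, those spellings have to match the schema exactly. A `@count` parameter is passed to `ExecuteReader` while the visible SQL text hard-codes 20; the parameter list continues outside the hunk, so check whether it is used.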
|
|||||||
@@ -5,6 +5,7 @@ using System.Text;
|
|||||||
using Umbraco.Core;
|
using Umbraco.Core;
|
||||||
using Umbraco.Core.Logging;
|
using Umbraco.Core.Logging;
|
||||||
using Umbraco.Core.Models.Rdbms;
|
using Umbraco.Core.Models.Rdbms;
|
||||||
|
using Umbraco.Core.Persistence.SqlSyntax;
|
||||||
using umbraco.DataLayer;
|
using umbraco.DataLayer;
|
||||||
using umbraco.BusinessLogic;
|
using umbraco.BusinessLogic;
|
||||||
using umbraco.interfaces;
|
using umbraco.interfaces;
|
||||||
@@ -157,7 +158,7 @@ namespace umbraco.cms.businesslogic.Tags
|
|||||||
sql += " (";
|
sql += " (";
|
||||||
sql += " select NewTags.Id from ";
|
sql += " select NewTags.Id from ";
|
||||||
sql += " " + TagSet + " ";
|
sql += " " + TagSet + " ";
|
||||||
sql += " inner join cmsTags as NewTags on (TagSet.Tag = NewTags.Tag and TagSet.[Group] = TagSet.[Group]) ";
|
sql += " inner join cmsTags as NewTags on (TagSet.Tag = NewTags.Tag and TagSet." + SqlSyntaxContext.SqlSyntaxProvider.GetQuotedColumnName("Group") + " = TagSet." + SqlSyntaxContext.SqlSyntaxProvider.GetQuotedColumnName("Group") + ") ";
|
||||||
sql += " ) as NewTagsSet ";
|
sql += " ) as NewTagsSet ";
|
||||||
sql += " on (cmsTagRelationship.TagId = NewTagsSet.Id and cmsTagRelationship.NodeId = " + string.Format("{0}", nodeId) + ") ";
|
sql += " on (cmsTagRelationship.TagId = NewTagsSet.Id and cmsTagRelationship.NodeId = " + string.Format("{0}", nodeId) + ") ";
|
||||||
sql += " inner join cmsTags as OldTags on (cmsTagRelationship.tagId = OldTags.Id) ";
|
sql += " inner join cmsTags as OldTags on (cmsTagRelationship.tagId = OldTags.Id) ";
|
||||||
@@ -166,10 +167,10 @@ namespace umbraco.cms.businesslogic.Tags
|
|||||||
SqlHelper.ExecuteNonQuery(sql);
|
SqlHelper.ExecuteNonQuery(sql);
|
||||||
|
|
||||||
//adds any tags found in csv that aren't in cmsTag for that group
|
//adds any tags found in csv that aren't in cmsTag for that group
|
||||||
sql = "insert into cmsTags (Tag,[Group]) ";
|
sql = "insert into cmsTags (Tag," + SqlSyntaxContext.SqlSyntaxProvider.GetQuotedColumnName("Group") + @") ";
|
||||||
sql += " select TagSet.[Tag], TagSet.[Group] from ";
|
sql += " select TagSet." + SqlSyntaxContext.SqlSyntaxProvider.GetQuotedColumnName("Tag") + @", TagSet." + SqlSyntaxContext.SqlSyntaxProvider.GetQuotedColumnName("Group") + @" from ";
|
||||||
sql += " " + TagSet + " ";
|
sql += " " + TagSet + " ";
|
||||||
sql += " left outer join cmsTags on (TagSet.Tag = cmsTags.Tag and TagSet.[Group] = cmsTags.[Group])";
|
sql += " left outer join cmsTags on (TagSet.Tag = cmsTags.Tag and TagSet." + SqlSyntaxContext.SqlSyntaxProvider.GetQuotedColumnName("Group") + " = cmsTags." + SqlSyntaxContext.SqlSyntaxProvider.GetQuotedColumnName("Group") + ")";
|
||||||
sql += " where cmsTags.Id is null ";
|
sql += " where cmsTags.Id is null ";
|
||||||
SqlHelper.ExecuteNonQuery(sql);
|
SqlHelper.ExecuteNonQuery(sql);
|
||||||
|
|
||||||
@@ -179,7 +180,7 @@ namespace umbraco.cms.businesslogic.Tags
|
|||||||
sql += "( ";
|
sql += "( ";
|
||||||
sql += "select NewTags.Id from ";
|
sql += "select NewTags.Id from ";
|
||||||
sql += " " + TagSet + " ";
|
sql += " " + TagSet + " ";
|
||||||
sql += "inner join cmsTags as NewTags on (TagSet.Tag = NewTags.Tag and TagSet.[Group] = TagSet.[Group]) ";
|
sql += "inner join cmsTags as NewTags on (TagSet.Tag = NewTags.Tag and TagSet." + SqlSyntaxContext.SqlSyntaxProvider.GetQuotedColumnName("Group") + " = TagSet." + SqlSyntaxContext.SqlSyntaxProvider.GetQuotedColumnName("Group") + ") ";
|
||||||
sql += ") as NewTagsSet ";
|
sql += ") as NewTagsSet ";
|
||||||
sql += "left outer join cmsTagRelationship ";
|
sql += "left outer join cmsTagRelationship ";
|
||||||
sql += "on (cmsTagRelationship.TagId = NewTagsSet.Id and cmsTagRelationship.NodeId = " + string.Format("{0}", nodeId) + ") ";
|
sql += "on (cmsTagRelationship.TagId = NewTagsSet.Id and cmsTagRelationship.NodeId = " + string.Format("{0}", nodeId) + ") ";
|
||||||
@@ -217,7 +218,7 @@ namespace umbraco.cms.businesslogic.Tags
|
|||||||
/// <param name="group"></param>
|
/// <param name="group"></param>
|
||||||
public static void RemoveTagsFromNode(int nodeId, string group)
|
public static void RemoveTagsFromNode(int nodeId, string group)
|
||||||
{
|
{
|
||||||
SqlHelper.ExecuteNonQuery("DELETE FROM cmsTagRelationship WHERE (nodeId = @nodeId) AND EXISTS (SELECT id FROM cmsTags WHERE (cmsTagRelationship.tagId = id) AND ([group] = @group));",
|
SqlHelper.ExecuteNonQuery("DELETE FROM cmsTagRelationship WHERE (nodeId = @nodeId) AND EXISTS (SELECT id FROM cmsTags WHERE (cmsTagRelationship.tagId = id) AND (" + SqlSyntaxContext.SqlSyntaxProvider.GetQuotedColumnName("group") + " = @group));",
|
||||||
SqlHelper.CreateParameter("@nodeId", nodeId),
|
SqlHelper.CreateParameter("@nodeId", nodeId),
|
||||||
SqlHelper.CreateParameter("@group", group));
|
SqlHelper.CreateParameter("@group", group));
|
||||||
}
|
}
|
||||||
@@ -241,7 +242,7 @@ namespace umbraco.cms.businesslogic.Tags
|
|||||||
|
|
||||||
public static int AddTag(string tag, string group)
|
public static int AddTag(string tag, string group)
|
||||||
{
|
{
|
||||||
SqlHelper.ExecuteNonQuery("INSERT INTO cmsTags(tag,[group]) VALUES (@tag,@group)",
|
SqlHelper.ExecuteNonQuery("INSERT INTO cmsTags(tag," + SqlSyntaxContext.SqlSyntaxProvider.GetQuotedColumnName("group") + ") VALUES (@tag,@group)",
|
||||||
SqlHelper.CreateParameter("@tag", tag.Trim()),
|
SqlHelper.CreateParameter("@tag", tag.Trim()),
|
||||||
SqlHelper.CreateParameter("@group", group));
|
SqlHelper.CreateParameter("@group", group));
|
||||||
return GetTagId(tag, group);
|
return GetTagId(tag, group);
|
||||||
@@ -250,7 +251,7 @@ namespace umbraco.cms.businesslogic.Tags
|
|||||||
public static int GetTagId(string tag, string group)
|
public static int GetTagId(string tag, string group)
|
||||||
{
|
{
|
||||||
int retval = 0;
|
int retval = 0;
|
||||||
string sql = "SELECT id FROM cmsTags where tag=@tag AND [group]=@group;";
|
string sql = "SELECT id FROM cmsTags where tag=@tag AND " + SqlSyntaxContext.SqlSyntaxProvider.GetQuotedColumnName("group") + "=@group;";
|
||||||
object result = SqlHelper.ExecuteScalar<object>(sql,
|
object result = SqlHelper.ExecuteScalar<object>(sql,
|
||||||
SqlHelper.CreateParameter("@tag", tag),
|
SqlHelper.CreateParameter("@tag", tag),
|
||||||
SqlHelper.CreateParameter("@group", group));
|
SqlHelper.CreateParameter("@group", group));
|
||||||
@@ -263,10 +264,10 @@ namespace umbraco.cms.businesslogic.Tags
|
|||||||
|
|
||||||
public static IEnumerable<Tag> GetTags(int nodeId, string group)
|
public static IEnumerable<Tag> GetTags(int nodeId, string group)
|
||||||
{
|
{
|
||||||
var sql = @"SELECT cmsTags.id, cmsTags.tag, cmsTags.[group], count(cmsTagRelationShip.tagid) AS nodeCount FROM cmsTags
|
var sql = @"SELECT cmsTags.id, cmsTags.tag, cmsTags." + SqlSyntaxContext.SqlSyntaxProvider.GetQuotedColumnName("group") + @", count(cmsTagRelationShip.tagid) AS nodeCount FROM cmsTags
|
||||||
INNER JOIN cmsTagRelationship ON cmsTagRelationShip.tagId = cmsTags.id
|
INNER JOIN cmsTagRelationship ON cmsTagRelationShip.tagId = cmsTags.id
|
||||||
WHERE cmsTags.[group] = @group AND cmsTagRelationship.nodeid = @nodeid
|
WHERE cmsTags." + SqlSyntaxContext.SqlSyntaxProvider.GetQuotedColumnName("group") + @" = @group AND cmsTagRelationship.nodeid = @nodeid
|
||||||
GROUP BY cmsTags.id, cmsTags.tag, cmsTags.[group]";
|
GROUP BY cmsTags.id, cmsTags.tag, cmsTags." + SqlSyntaxContext.SqlSyntaxProvider.GetQuotedColumnName("group");
|
||||||
|
|
||||||
return ConvertSqlToTags(sql,
|
return ConvertSqlToTags(sql,
|
||||||
SqlHelper.CreateParameter("@group", group),
|
SqlHelper.CreateParameter("@group", group),
|
||||||
@@ -282,10 +283,10 @@ namespace umbraco.cms.businesslogic.Tags
|
|||||||
public static IEnumerable<Tag> GetTags(int nodeId)
|
public static IEnumerable<Tag> GetTags(int nodeId)
|
||||||
{
|
{
|
||||||
|
|
||||||
string sql = @"SELECT cmsTags.id, cmsTags.tag, cmsTags.[group], count(cmsTagRelationShip.tagid) AS nodeCount FROM cmsTags
|
string sql = @"SELECT cmsTags.id, cmsTags.tag, cmsTags." + SqlSyntaxContext.SqlSyntaxProvider.GetQuotedColumnName("group") + @", count(cmsTagRelationShip.tagid) AS nodeCount FROM cmsTags
|
||||||
INNER JOIN cmsTagRelationShip ON cmsTagRelationShip.tagid = cmsTags.id
|
INNER JOIN cmsTagRelationShip ON cmsTagRelationShip.tagid = cmsTags.id
|
||||||
WHERE cmsTagRelationShip.nodeid = @nodeId
|
WHERE cmsTagRelationShip.nodeid = @nodeId
|
||||||
GROUP BY cmsTags.id, cmsTags.tag, cmsTags.[group]";
|
GROUP BY cmsTags.id, cmsTags.tag, cmsTags." + SqlSyntaxContext.SqlSyntaxProvider.GetQuotedColumnName("group");
|
||||||
|
|
||||||
return ConvertSqlToTags(sql, SqlHelper.CreateParameter("@nodeId", nodeId));
|
return ConvertSqlToTags(sql, SqlHelper.CreateParameter("@nodeId", nodeId));
|
||||||
|
|
||||||
@@ -299,10 +300,10 @@ namespace umbraco.cms.businesslogic.Tags
|
|||||||
public static IEnumerable<Tag> GetTags(string group)
|
public static IEnumerable<Tag> GetTags(string group)
|
||||||
{
|
{
|
||||||
|
|
||||||
string sql = @"SELECT cmsTags.id, cmsTags.tag, cmsTags.[group], count(cmsTagRelationShip.tagid) AS nodeCount FROM cmsTags
|
string sql = @"SELECT cmsTags.id, cmsTags.tag, cmsTags." + SqlSyntaxContext.SqlSyntaxProvider.GetQuotedColumnName("group") + @", count(cmsTagRelationShip.tagid) AS nodeCount FROM cmsTags
|
||||||
INNER JOIN cmsTagRelationShip ON cmsTagRelationShip.tagid = cmsTags.id
|
INNER JOIN cmsTagRelationShip ON cmsTagRelationShip.tagid = cmsTags.id
|
||||||
WHERE cmsTags.[group] = @group
|
WHERE cmsTags." + SqlSyntaxContext.SqlSyntaxProvider.GetQuotedColumnName("group") + @" = @group
|
||||||
GROUP BY cmsTags.id, cmsTags.tag, cmsTags.[group]";
|
GROUP BY cmsTags.id, cmsTags.tag, cmsTags." + SqlSyntaxContext.SqlSyntaxProvider.GetQuotedColumnName("group");
|
||||||
|
|
||||||
return ConvertSqlToTags(sql, SqlHelper.CreateParameter("@group", group));
|
return ConvertSqlToTags(sql, SqlHelper.CreateParameter("@group", group));
|
||||||
|
|
||||||
@@ -316,9 +317,9 @@ namespace umbraco.cms.businesslogic.Tags
|
|||||||
public static IEnumerable<Tag> GetTags()
|
public static IEnumerable<Tag> GetTags()
|
||||||
{
|
{
|
||||||
|
|
||||||
string sql = @"SELECT cmsTags.id, cmsTags.tag, cmsTags.[group], count(cmsTagRelationShip.tagid) AS nodeCount FROM cmsTags
|
string sql = @"SELECT cmsTags.id, cmsTags.tag, cmsTags." + SqlSyntaxContext.SqlSyntaxProvider.GetQuotedColumnName("group") + @", count(cmsTagRelationShip.tagid) AS nodeCount FROM cmsTags
|
||||||
LEFT JOIN cmsTagRelationShip ON cmsTagRelationShip.tagid = cmsTags.id
|
LEFT JOIN cmsTagRelationShip ON cmsTagRelationShip.tagid = cmsTags.id
|
||||||
GROUP BY cmsTags.id, cmsTags.tag, cmsTags.[group]";
|
GROUP BY cmsTags.id, cmsTags.tag, cmsTags." + SqlSyntaxContext.SqlSyntaxProvider.GetQuotedColumnName("group");
|
||||||
|
|
||||||
return ConvertSqlToTags(sql);
|
return ConvertSqlToTags(sql);
|
||||||
|
|
||||||
@@ -366,7 +367,7 @@ namespace umbraco.cms.businesslogic.Tags
|
|||||||
private static string GetSqlSet(string commaSeparatedArray, string group)
|
private static string GetSqlSet(string commaSeparatedArray, string group)
|
||||||
{
|
{
|
||||||
// create array
|
// create array
|
||||||
var array = commaSeparatedArray.Trim().Split(',').ToList().ConvertAll(tag => string.Format("select '{0}' as Tag, '{1}' as [Group]", tag.Replace("'", ""), group)).ToArray();
|
var array = commaSeparatedArray.Trim().Split(',').ToList().ConvertAll(tag => string.Format("select '{0}' as Tag, '{1}' as " + SqlSyntaxContext.SqlSyntaxProvider.GetQuotedColumnName("Group"), tag.Replace("'", ""), group)).ToArray();
|
||||||
return "(" + string.Join(" union ", array).Replace(" ", " ") + ") as TagSet";
|
return "(" + string.Join(" union ", array).Replace(" ", " ") + ") as TagSet";
|
||||||
}
|
}
|
||||||
private static string GetSqlStringArray(string commaSeparatedArray)
|
private static string GetSqlStringArray(string commaSeparatedArray)
|
||||||
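Review bot: The join condition in the -157 and -179 hunks compares the group column of `TagSet` with itself, so it is always true and the sub-select matches tags with the same text in any group; the change only re-quotes the column and keeps that comparison. The right-hand side should reference the joined table: `... and TagSet." + SqlSyntaxContext.SqlSyntaxProvider.GetQuotedColumnName("Group") + " = NewTags." + SqlSyntaxContext.SqlSyntaxProvider.GetQuotedColumnName("Group") + ") "`. The left outer join in the -166 hunk already compares against `cmsTags`, which is the shape the other two should follow. The enclosing method starts and ends outside these hunks, so the effect on the statements built around the sub-select is inferred from the visible fragments.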
|
|||||||