evilny0/fpdb
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Properly escape player names

Browse Source
This commit is contained in:
Worros 2009-03-29 00:07:00 +09:00
parent ae2835cd6b
commit 0528aa74db
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
pyfpdb/fpdb_simple.py
View File

@ -1393,13 +1393,15 @@ def recogniseTourneyTypeId(cursor, siteId, buyin, fee, knockout, rebuyOrAddon):
# then this can be reduced in complexity a bit
def recognisePlayerIDs(cursor, names, site_id):
cursor.execute("SELECT name,id FROM Players WHERE name='%s'" % "' OR name='".join(names)) # get all playerids by the names passed in
q = "SELECT name,id FROM Players WHERE name=%s" % " OR name=".join(["%s" for n in names])
cursor.execute(q, names) # get all playerids by the names passed in
ids = dict(cursor.fetchall()) # convert to dict
if len(ids) != len(names):
notfound = [n for n in names if n not in ids] # make list of names not in database
if notfound: # insert them into database
cursor.executemany("INSERT INTO Players (name, siteId) VALUES (%s, "+str(site_id)+")", (notfound))
cursor.execute("SELECT name,id FROM Players WHERE name='%s'" % "' OR name='".join(notfound)) # get their new ids
q2 = "SELECT name,id FROM Players WHERE name=%s" % " OR name=".join(["%s" for n in notfound])
cursor.execute(q2, notfound) # get their new ids
tmp = dict(cursor.fetchall())
for n in tmp: # put them all into the same dict
ids[n] = tmp[n]