escape

diff --git a/Wiki.hs b/Wiki.hs
index 4ff75751ea71d396fa2ae0c0ac9c5ba9124bbd37..d7ce7bcd912305223137ad8a72f141f255cfb165 100644 (file)
--- a/Wiki.hs
+++ b/Wiki.hs
@@ -5,6 +5,7 @@ module Wiki (
 ) where
 
 import Dbconnect
+import Data.Char
 
 class WB a where
        --Keyword -> (Full text,date)
@@ -17,7 +18,7 @@ class WB a where
        get :: a -> String -> String -> IO String
 
        --Keyword -> id -> ()
-       setCurrent :: a -> String -> String -> IO ()
+       setCurrent :: a -> String -> String -> IO Int
 
        --Keyword -> Full text -> id
        addNew :: a -> String -> String -> IO String
@@ -33,16 +34,17 @@ testDB = createPGB "wave" "wiki" "wiki" "12wiki34db"
 instance WB PGB where
 
        getCurrent (PGB db) key = do 
-               [[text,date]] <- selectReturnTuples db $ "SELECT fulltext,timestamp FROM curtexts where keyword='"++key++"'"
+               [[text,date]] <- selectReturnTuples db $ "SELECT fulltext,timestamp FROM curtexts where keyword='"++(escapeQuery key)++"'"
                return (text,date)
 
        getList (PGB db) key = do
-               list <- selectReturnTuples db $ "SELECT id, timestamp, author, comment from fulltexts where keyword = '"++key++"'"
+               list <- selectReturnTuples db $ "SELECT id, timestamp, author, comment from fulltexts where keyword = '"++(escapeQuery key)++"'"
                return $ map (\[id,date,author,comment] -> (id,date,author,comment)) list
 
        get (PGB db) key id = return ""
 
-       setCurrent (PGB db) key id = return ()
+       setCurrent (PGB db) key id = 
+               execute db $ "UPDATE current SET id = '"++(escapeQuery id)++"' where keyword = '"++(escapeQuery key)++"'"
 
        addNew (PGB db) key text = return ""