From 4f0ceb93a3cf4cc64f0809445e3b05beffcaf8ce Mon Sep 17 00:00:00 2001
From: Michael Andreen <harv@ruin.nu>
Date: Sun, 5 Dec 2004 18:03:09 +0000
Subject: [PATCH] escape

---
 Wiki.hs | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/Wiki.hs b/Wiki.hs
index 4ff7575..d7ce7bc 100644
--- a/Wiki.hs
+++ b/Wiki.hs
@@ -5,6 +5,7 @@ module Wiki (
 ) where
 
 import Dbconnect
+import Data.Char
 
 class WB a where
 	--Keyword -> (Full text,date)
@@ -17,7 +18,7 @@ class WB a where
 	get :: a -> String -> String -> IO String
 
 	--Keyword -> id -> ()
-	setCurrent :: a -> String -> String -> IO ()
+	setCurrent :: a -> String -> String -> IO Int
 
 	--Keyword -> Full text -> id
 	addNew :: a -> String -> String -> IO String
@@ -33,16 +34,17 @@ testDB = createPGB "wave" "wiki" "wiki" "12wiki34db"
 instance WB PGB where
 
 	getCurrent (PGB db) key = do 
-		[[text,date]] <- selectReturnTuples db $ "SELECT fulltext,timestamp FROM curtexts where keyword='"++key++"'"
+		[[text,date]] <- selectReturnTuples db $ "SELECT fulltext,timestamp FROM curtexts where keyword='"++(escapeQuery key)++"'"
 		return (text,date)
 
 	getList (PGB db) key = do
-		list <- selectReturnTuples db $ "SELECT id, timestamp, author, comment from fulltexts where keyword = '"++key++"'"
+		list <- selectReturnTuples db $ "SELECT id, timestamp, author, comment from fulltexts where keyword = '"++(escapeQuery key)++"'"
 		return $ map (\[id,date,author,comment] -> (id,date,author,comment)) list
 
 	get (PGB db) key id = return ""
 
-	setCurrent (PGB db) key id = return ()
+	setCurrent (PGB db) key id = 
+		execute db $ "UPDATE current SET id = '"++(escapeQuery id)++"' where keyword = '"++(escapeQuery key)++"'"
 
 	addNew (PGB db) key text = return ""
 
-- 
2.39.2