=== modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/dataanalysis/jdbc/JdbcDataAnalysisStore.java'
--- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/dataanalysis/jdbc/JdbcDataAnalysisStore.java 2009-12-24 14:47:25 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/dataanalysis/jdbc/JdbcDataAnalysisStore.java 2010-03-08 10:57:25 +0000
@@ -109,8 +109,8 @@
 final String sql =
 "SELECT dv.dataelementid, dv.periodid, dv.sourceid, dv.categoryoptioncomboid, dv.value, dv.storedby, dv.lastupdated, " +
 "dv.comment, dv.followup, '" + lowerBound + "' AS minvalue, '" + upperBound + "' AS maxvalue, " +
- "'" + dataElement.getName() + "' AS dataelementname, pt.name AS periodtypename, pe.startdate, pe.enddate, " +
- "'" + organisationUnit.getName() + "' AS sourcename, cc.categoryoptioncomboname " +
+ statementBuilder.encode( dataElement.getName() ) + " AS dataelementname, pt.name AS periodtypename, pe.startdate, pe.enddate, " +
+ statementBuilder.encode( organisationUnit.getName() ) + " AS sourcename, cc.categoryoptioncomboname " +
 "FROM datavalue AS dv " +
 "JOIN period AS pe USING (periodid) " +
 "JOIN periodtype AS pt USING (periodtypeid) " +
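Review bot: The two names in this JdbcDataAnalysisStore hunk are still spliced into the SQL text as literals, now through `statementBuilder.encode( dataElement.getName() )`, so the query is only as safe as each dialect's hand-written escaping; the three `encode(...)` calls in the `@@ -153,8 +153,9 @@` hunk have the same dependency. Both names are already known on the Java side, so they could be left out of the SELECT list and set on the result object when rows are mapped, or passed as bind arguments if the statement is executed through an API that accepts them (neither the mapper nor the execute call is visible here). `lowerBound`, `upperBound` and `periodIds` stay concatenated in the context lines and deserve the same look unless they are strictly numeric. The enclosing method starts and ends outside the hunk.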
@@ -153,8 +153,9 @@
 "SELECT '" + dataElement.getId() + "' AS dataelementid, pe.periodid, " +
 "'" + organisationUnit.getId() + "' AS sourceid, '" + categoryOptionCombo.getId() + "' AS categoryoptioncomboid, " +
 "'' AS value, '' AS storedby, '1900-01-01' AS lastupdated, '' AS comment, false AS followup, '0' as minvalue, '100000' as maxvalue, " +
- "'" + dataElement.getName() + "' AS dataelementname, pt.name AS periodtypename, pe.startdate, pe.enddate, " +
- "'" + organisationUnit.getName() + "' AS sourcename, '" + categoryOptionCombo.getName() + "' as categoryoptioncomboname " +
+ statementBuilder.encode( dataElement.getName() ) + " AS dataelementname, pt.name AS periodtypename, pe.startdate, pe.enddate, " +
+ statementBuilder.encode( organisationUnit.getName() ) + " AS sourcename, " +
+ statementBuilder.encode( categoryOptionCombo.getName() ) + " AS categoryoptioncomboname " + //TODO join?
 "FROM period AS pe " +
 "JOIN periodtype AS pt USING (periodtypeid) " +
 "WHERE periodid IN (" + periodIds + ") " +
=== modified file 'dhis-2/dhis-services/dhis-service-jdbc/src/main/java/org/hisp/dhis/jdbc/StatementBuilder.java'
--- dhis-2/dhis-services/dhis-service-jdbc/src/main/java/org/hisp/dhis/jdbc/StatementBuilder.java 2010-02-24 12:17:43 +0000
+++ dhis-2/dhis-services/dhis-service-jdbc/src/main/java/org/hisp/dhis/jdbc/StatementBuilder.java 2010-03-08 10:57:25 +0000
@@ -35,6 +35,16 @@
 */
 public interface StatementBuilder
 {
+ final String QUOTE = "'";
+
+ /**
+ * Encodes the provided SQL value.
+ *
+ * @param value the value.
+ * @return the SQL encoded value.
+ */
+ String encode( String value );
+
 /**
 * Returns the name of a double column type.
 * @return the name of a double column type.
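Review bot: The Javadoc added for `encode` in StatementBuilder does not say what the caller gets back, and the call sites depend on it: the result already carries the surrounding single quotes, so a caller that adds its own quotes or passes an identifier ends up with broken SQL. I would extend the comment to something like `Returns the value as a complete single-quoted SQL string literal for the current dialect; callers must not add quotes.` and state the `null` behaviour, since the implementations in this commit return the quoted text `'null'` rather than SQL NULL. It should also mention that a trailing backslash is dropped, because that changes the data. Declaring `QUOTE` on the interface makes it a public constant of every implementation; if it is only a detail of `encode`, a private constant in a shared base class would keep it out of the API.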
@@ -93,7 +103,6 @@
 int getMaximumNumberOfColumns();
 
 /**
- *
 * Drop Dataset foreign key for DataEntryForm table
 *
 * @return
=== modified file 'dhis-2/dhis-services/dhis-service-jdbc/src/main/java/org/hisp/dhis/jdbc/statementbuilder/DerbyStatementBuilder.java'
--- dhis-2/dhis-services/dhis-service-jdbc/src/main/java/org/hisp/dhis/jdbc/statementbuilder/DerbyStatementBuilder.java 2010-02-24 12:17:43 +0000
+++ dhis-2/dhis-services/dhis-service-jdbc/src/main/java/org/hisp/dhis/jdbc/statementbuilder/DerbyStatementBuilder.java 2010-03-08 10:57:25 +0000
@@ -45,6 +45,17 @@
 return "DOUBLE";
 }
 
+ public String encode( String value )
+ {
+ if ( value != null )
+ {
+ value = value.endsWith( "\\" ) ? value.substring( 0, value.length() - 1 ) : value;
+ value = value.replaceAll( QUOTE, QUOTE + QUOTE );
+ }
+
+ return QUOTE + value + QUOTE;
+ }
+
 public String getPeriodIdentifierStatement( Period period )
 {
 return
=== modified file 'dhis-2/dhis-services/dhis-service-jdbc/src/main/java/org/hisp/dhis/jdbc/statementbuilder/H2StatementBuilder.java'
--- dhis-2/dhis-services/dhis-service-jdbc/src/main/java/org/hisp/dhis/jdbc/statementbuilder/H2StatementBuilder.java 2010-02-24 12:17:43 +0000
+++ dhis-2/dhis-services/dhis-service-jdbc/src/main/java/org/hisp/dhis/jdbc/statementbuilder/H2StatementBuilder.java 2010-03-08 10:57:25 +0000
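Review bot: In DerbyStatementBuilder.encode the trailing-backslash trim silently alters the value, and a `null` argument comes out as the string literal `'null'`; the identical method added to H2StatementBuilder has both problems. As far as I know neither Derby nor H2 treats a backslash as an escape character inside a string literal, so doubling the quote is sufficient and the `endsWith( "\\" )` line can be dropped. `replaceAll` treats its arguments as a regex and a replacement pattern, which happens to be harmless for `'`, but `replace` states the intent. A one-line body would be `return value == null ? "NULL" : QUOTE + value.replace( QUOTE, QUOTE + QUOTE ) + QUOTE;`, provided callers can accept SQL NULL in that position.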
@@ -45,6 +45,17 @@
 return "DOUBLE";
 }
 
+ public String encode( String value )
+ {
+ if ( value != null )
+ {
+ value = value.endsWith( "\\" ) ? value.substring( 0, value.length() - 1 ) : value;
+ value = value.replaceAll( QUOTE, QUOTE + QUOTE );
+ }
+
+ return QUOTE + value + QUOTE;
+ }
+
 public String getPeriodIdentifierStatement( Period period )
 {
 return
=== modified file 'dhis-2/dhis-services/dhis-service-jdbc/src/main/java/org/hisp/dhis/jdbc/statementbuilder/MySQLStatementBuilder.java'
--- dhis-2/dhis-services/dhis-service-jdbc/src/main/java/org/hisp/dhis/jdbc/statementbuilder/MySQLStatementBuilder.java 2010-02-24 12:17:43 +0000
+++ dhis-2/dhis-services/dhis-service-jdbc/src/main/java/org/hisp/dhis/jdbc/statementbuilder/MySQLStatementBuilder.java 2010-03-08 10:57:25 +0000
@@ -44,6 +44,17 @@
 {
 return "DOUBLE";
 }
+
+ public String encode( String value )
+ {
+ if ( value != null )
+ {
+ value = value.endsWith( "\\" ) ? value.substring( 0, value.length() - 1 ) : value;
+ value = value.replaceAll( QUOTE, "\\\\" + QUOTE );
+ }
+
+ return QUOTE + value + QUOTE;
+ }
 
 public String getPeriodIdentifierStatement( Period period )
 {
=== modified file 'dhis-2/dhis-services/dhis-service-jdbc/src/main/java/org/hisp/dhis/jdbc/statementbuilder/PostgreSQLStatementBuilder.java'
--- dhis-2/dhis-services/dhis-service-jdbc/src/main/java/org/hisp/dhis/jdbc/statementbuilder/PostgreSQLStatementBuilder.java 2010-02-24 12:17:43 +0000
+++ dhis-2/dhis-services/dhis-service-jdbc/src/main/java/org/hisp/dhis/jdbc/statementbuilder/PostgreSQLStatementBuilder.java 2010-03-08 10:57:25 +0000
@@ -45,6 +45,17 @@
 return "DOUBLE PRECISION";
 }
 
+ public String encode( String value )
+ {
+ if ( value != null )
+ {
+ value = value.endsWith( "\\" ) ? value.substring( 0, value.length() - 1 ) : value;
+ value = value.replaceAll( QUOTE, "\\\\" + QUOTE );
+ }
+
+ return QUOTE + value + QUOTE;
+ }
+
 public String getPeriodIdentifierStatement( Period period )
 {
 return
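Review bot: MySQLStatementBuilder.encode escapes the quote with a backslash but never escapes backslashes already present in the value, so a backslash directly before a quote in the input cancels the added escape and the literal can end early; trimming a single trailing backslash also does not cover a value that ends in two. The same method body is added to PostgreSQLStatementBuilder. Escaping the backslash first and doubling the quote covers both cases, and the quote handling stays correct when the server runs with `NO_BACKSLASH_ESCAPES`: `value = value.replace( "\\", "\\\\" ).replace( QUOTE, QUOTE + QUOTE );`, with the `endsWith` line removed. A `null` value is rendered as the literal `'null'` here as well.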
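Review bot: PostgreSQLStatementBuilder.encode relies on `\'` being read as an escaped quote, which PostgreSQL does in an ordinary `'...'` literal only while `standard_conforming_strings` is off; with the setting on, the backslash is a plain character and the quote after it closes the string. A doubled quote is understood in either mode, so `value = value.replace( QUOTE, QUOTE + QUOTE );` is the safer form for this dialect. Whether backslashes in the value also need doubling depends on the same setting, so the method should either check it or the literal should be avoided altogether by binding the value.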