
Unverified Commit 703b0ff5 authored by Sebastian Schüpbach

escape values in sql statement

parent 1c196050
Pipeline #19081 passed with stages
in 1 minute and 55 seconds
......@@ -2,6 +2,7 @@ import logging
import numbers
import os
import time
import MySQLdb
import mysql.connector as mariadb
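Review bot: A second database driver should not be needed for this fix. The import list now carries both `import MySQLdb` and `import mysql.connector as mariadb`, and the only use of `MySQLdb` visible in this change is the `MySQLdb.escape_string(...)` call in the next hunk. Consider dropping the new import and passing values as bound parameters through the existing `mysql.connector` cursor, which removes the extra dependency and the manual escaping together.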
......@@ -44,7 +45,7 @@ class Indexer:
db_fields = [dbField for dbField in fields
if dbField in record and record[dbField] is not None]
db_values = [str(record[db_field])
db_values = [MySQLdb.escape_string(str(record[db_field]))
if isinstance(record[db_field], numbers.Number)
else "'{}'".format(record[db_field])
for db_field in db_fields]
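Review bot: The escaping lands on the wrong branch of the conditional. `MySQLdb.escape_string(str(record[db_field]))` is the value used when `isinstance(record[db_field], numbers.Number)` is true, while the `else` branch, `"'{}'".format(record[db_field])`, still wraps non-numeric values in quotes without escaping them. A string value containing a single quote therefore reaches the statement unchanged, which is the case the commit message sets out to cover. Either apply the escaping inside the `else` branch, or preferably stop building value literals here and pass the values to the cursor as parameters with `%s` placeholders, so quoting is handled by the driver for every type.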