[LON-CAPA-cvs] cvs: loncom /interface loncoursedata.pm
matthew
lon-capa-cvs@mail.lon-capa.org
Mon, 19 Jan 2004 16:31:25 -0000
matthew Mon Jan 19 11:31:25 2004 EDT
Modified files:
/loncom/interface loncoursedata.pm
Log:
Properly quote student submission data when inserting into the response
table.
Index: loncom/interface/loncoursedata.pm
diff -u loncom/interface/loncoursedata.pm:1.111 loncom/interface/loncoursedata.pm:1.112
--- loncom/interface/loncoursedata.pm:1.111 Tue Dec 16 11:47:16 2003
+++ loncom/interface/loncoursedata.pm Mon Jan 19 11:31:25 2004
@@ -1,6 +1,6 @@
# The LearningOnline Network with CAPA
#
-# $Id: loncoursedata.pm,v 1.111 2003/12/16 16:47:16 raeburn Exp $
+# $Id: loncoursedata.pm,v 1.112 2004/01/19 16:31:25 matthew Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -1278,13 +1278,21 @@
while (my ($part_id,$hash2) = each (%$hash1)) {
while (my ($resp_id,$hash3) = each (%$hash2)) {
while (my ($transaction,$data) = each (%$hash3)) {
- $store_command .= "('".join("','",$symb_id,$part_id,
- $resp_id,$student_id,
- $transaction,
- $data->{'awarddetail'},
- $data->{'response_specific'},
- $data->{'response_specific_value'},
- $data->{'submission'})."'),";
+ my $submission = $data->{'submission'};
+ # We have to be careful with user supplied input.
+ # most of the time we are okay because it is escaped.
+ # However, there is one wrinkle: submissions which end in
+ # and odd number of '\' cause insert errors to occur.
+ # Best trap this somehow...
+ $submission = $dbh->quote($submission);
+ $store_command .= "('".
+ join("','",$symb_id,$part_id,
+ $resp_id,$student_id,
+ $transaction,
+ $data->{'awarddetail'},
+ $data->{'response_specific'},
+ $data->{'response_specific_value'}).
+ "',".$submission."),";
$store_rows++;
}
}
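Review bot: Only `submission` goes through `$dbh->quote`; `awarddetail`, `response_specific`, `response_specific_value` and the id columns are still wrapped in hand-written `'` delimiters by `join("','", ...)`, so a quote or trailing backslash in any of them would break the INSERT in the same way and could allow SQL injection. The added comment relies on these values having been escaped upstream, which this hunk does not show. Quoting every column uniformly removes that dependency: `$store_command .= '('.join(',', map { $dbh->quote($_) } $symb_id, $part_id, $resp_id, $student_id, $transaction, @{$data}{qw(awarddetail response_specific response_specific_value submission)}).'),';` — note that `quote` renders undef as NULL rather than an empty string, so confirm the column definitions accept that. The enclosing loops and the statement that executes `$store_command` lie outside the hunk.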