#463: BibAuthorID: clean SQL statements
-------------------------+--------------------------------------------------
Reporter: simko | Owner:
Type: defect | Status: new
Priority: major | Milestone: v1.0
Component: BibAuthorID | Version:
Keywords: |
-------------------------+--------------------------------------------------
The SQL statements of BibAuthorID should be cleaned: (i) there are
several `SELECT * FROM` statements which are error-prone WRT column
position changes (which may occur when the table structure gets updated);
(ii) there are apparently unescaped arguments that should either be
passed as tuples in the usual way (e.g. see the `query_addons` technique),
or, if it is certain that they were washed beforehand and/or that they
come from prior queries returning only values of the expected type, be
written in a string concatenation style that does not raise kwalitee
warnings. (In that case a note should be added stating that it was
double-checked that the query does not lead to SQL-injection-type
problems.)
{{{
./bibauthorid_personid_tables_utils.py:78: pid_rows =
run_sql("select * from aidPERSONID where tag='paper' and data like %s",
('%,' + str(paper[0]),))
./bibauthorid_personid_tables_utils.py:1072: sql_query = 'select * from
aidUSERINPUTLOG where 1 '
./bibauthorid_personid_tables_utils.py:1386: prow = run_sql("select *
from aidPERSONID where tag=%s and data =%s"
./bibauthorid_personid_tables_utils.py:1567: pid = run_sql("select *
from aidPERSONID where tag=%s and data=%s", ('uid', str(uid[0][0])))
./bibauthorid_personid_tables_utils.py:1586: uid =
run_sql("select * from aidPERSONID where tag=%s and personid=%s", ('uid',
str(p[0])))
./bibauthorid_tables_utils.py:235: abfs_ids_bunch = run_sql("select *
from aidAUTHORNAMESBIBREFS limit %s, %s"
./bibauthorid_tables_utils.py:299: authrow =
run_sql("select * from aidAUTHORNAMES where id=%s",
(str(id_to_remove[1]),))
./bibauthorid_tables_utils.py:318: abfs_ids_bunch = run_sql("select
* from aidAUTHORNAMESBIBREFS limit %s,%s" %
./bibauthorid_tables_utils.py:340: authornames_row =
run_sql("select * from aidAUTHORNAMES where db_name like %s",
./bibauthorid_tables_utils.py:342: authornames_bibrefs_row =
run_sql("select * from aidAUTHORNAMESBIBREFS "
./bibauthorid_tables_utils.py:493: authorexists =
run_sql("SELECT * FROM aidAUTHORNAMES "
./bibauthorid_tables_utils.py:813: check_on_va =
run_sql("SELECT * FROM aidVIRTUALAUTHORSDATA "
./bibauthorid_tables_utils.py:995: check_on_va =
run_sql("SELECT * FROM aidVIRTUALAUTHORSDATA "
./bibauthorid_tables_utils.py:508: run_sql("INSERT INTO
aidAUTHORNAMES VALUES"
./bibauthorid_tables_utils.py:399: bibrefs = run_sql(("select
id_bibxxx from %s where id_bibrec='%s'")
./bibauthorid_tables_utils.py:402: name = run_sql("select
value from %s where tag='%s' and id='%s'" %
./bibauthorid_personid_tables_utils.py:62: bibrefs100 =
run_sql("select id from bib10x where tag='100__a' and id in %s" %
fullbibrefs100str)
./bibauthorid_personid_tables_utils.py:66: bibrefs700 =
run_sql("select id from bib70x where tag='700__a' and id in %s" %
fullbibrefs700str)
}}}
--
Ticket URL: <http://invenio-software.org/ticket/463>
Invenio <http://invenio-software.org>