Commit 983108e9a7857c3792f6fc38f9bc63d37d43385f

Authored by soochanlee ago
1 parent f6fe192946
Exists in master

adding single quotation bug fix

Showing 2 changed files with 2 additions and 1 deletions Side-by-side Diff

project/project/controller/maria_db.py View file @ 983108e
... ... @@ -26,6 +26,7 @@
26 26  
27 27 def GetUserByName(self, name):
28 28 data = []
  29 + name = name.replace("'", "\\\'")
29 30 query = "select * from USER where name like '%"+name+"%' or email = '"+name+"';"
30 31 self.cursor.execute(query)
31 32 rows = self.cursor.fetchall()
project/project/templates/user.html View file @ 983108e
... ... @@ -59,7 +59,7 @@
59 59 {% print di['cdate'] %}
60 60 </td>
61 61 <td>
62   - <input type="button" class="btn btn-primary" style="line-height:4px;height:25px;width:50px;" value="DEL" onclick="del_user('{{ di['uid'] }}', '{{ di['name'].decode('utf-8')|safe }}')"/>
  62 + <input type="button" class="btn btn-primary" style="line-height:4px;height:25px;width:50px;" value="DEL" onclick="del_user('{{ di['uid'] }}', '{{ di['name'].replace("'","\\\'").decode('utf-8') }}')"/>
63 63 </td>
64 64  
65 65 </tr>