Navigation Menu

Skip to content

Commit

Permalink
[mssql] Fix inserting features into tables with an after insert trigg…
Browse files Browse the repository at this point in the history 
…er attached

Fixes #20592

(cherry picked from commit 69f6ea5)
  • Loading branch information
@roya0045 @nyalldawson
roya0045 authored and nyalldawson committed Jan 7, 2019
1 parent 8cc96e6 commit c710e0b
Showing 1 changed file with 14 additions and 2 deletions.
16 changes: 14 additions & 2 deletions src/providers/mssql/qgsmssqlprovider.cpp
View file
Expand Up @@ -872,7 +872,15 @@ bool QgsMssqlProvider::addFeatures( QgsFeatureList &flist, Flags flags )

QString statement;
QString values;
statement = QStringLiteral( "INSERT INTO [%1].[%2] (" ).arg( mSchemaName, mTableName );
if ( !( flags & QgsFeatureSink::FastInsert ) )
{
statement += QStringLiteral( "DECLARE @px TABLE (id INT); " );
statement += QStringLiteral( "INSERT INTO [%1].[%2] (" ).arg( mSchemaName, mTableName );
}
else
{
statement += QStringLiteral( "INSERT INTO [%1].[%2] (" ).arg( mSchemaName, mTableName );
}

bool first = true;
QSqlQuery query = createQuery();
Expand Down Expand Up @@ -947,10 +955,14 @@ bool QgsMssqlProvider::addFeatures( QgsFeatureList &flist, Flags flags )
statement += QStringLiteral( ") " );
if ( !( flags & QgsFeatureSink::FastInsert ) )
{
statement += QStringLiteral( " OUTPUT inserted." ) + mFidColName;
statement += QStringLiteral( " OUTPUT inserted." ) + mFidColName + QStringLiteral( " INTO @px " );
}
statement += QStringLiteral( " VALUES (" ) + values + ')';

if ( !( flags & QgsFeatureSink::FastInsert ) )
{
statement += QStringLiteral( "; SELECT id FROM @px;" );
}
// use prepared statement to prevent from sql injection
if ( !query.prepare( statement ) )
{
Expand Down

0 comments on commit c710e0b

Please sign in to comment.