# HG changeset patch
# User casties
# Date 1330028001 -3600
# Node ID eb8a18f94d2ddd097dc8f9cbec78556bfe68a0e7
# Parent  9b7db308d2e6dcb94032f9db8cc9e857acb15888
fix some insufficient quoting and other problems.

diff -r 9b7db308d2e6 -r eb8a18f94d2d RestDbGisApi.py
--- a/RestDbGisApi.py	Thu Feb 23 08:35:26 2012 +0100
+++ b/RestDbGisApi.py	Thu Feb 23 21:13:21 2012 +0100
@@ -150,11 +150,11 @@
     
     # TODO: move this
     def getAttributeNames(self,schema='public',table=None):   
-        return self.executeSQL("SELECT attname FROM pg_attribute, pg_class WHERE pg_class.oid = attrelid AND attnum>0 AND relname = '%s';"%(table))
+        return self.executeSQL("SELECT attname FROM pg_attribute, pg_class WHERE pg_class.oid = attrelid AND attnum>0 AND relname = %s", (table))
 
     # TODO: move this
     def getAttributeTypes(self,schema='public',table=None):   
-        return self.executeSQL("SELECT field_name, gis_type FROM public.gis_table_meta_rows WHERE table_name = '%s';"%(table))
+        return self.executeSQL("SELECT field_name, gis_type FROM public.gis_table_meta_rows WHERE table_name = %s", (table))
          
     # TODO: move back to inherited version
     def showTable(self,format='XML',schema='public',table=None,REQUEST=None,RESPONSE=None):
@@ -205,7 +205,7 @@
         attrString=""
  #        try:
         for name in attrNames['rows']:
-              logging.debug("name: ", name[0])
+              logging.debug("name: %s"%name[0])
               not_added=True
               if name[0] == "the_geom":                        #FJK: the table column is "the_geom"
                      attrString=attrString+"ST_AsText("+name[0]+"),"
@@ -213,9 +213,9 @@
                      break
               for a_iter in attrTypes['rows']:
                  not_added = True
-                 logging.debug("attrTypes.field_name: ", a_iter[0])
+                 logging.debug("attrTypes.field_name: %s"%a_iter[0])
                  if a_iter[0]==name[0]:            
-                     logging.debug("attrTypes.gis_type: ", a_iter[1])            
+                     logging.debug("attrTypes.gis_type: %s"%a_iter[1])            
                      if a_iter[1] == "the_geom":                        #FJK: the table column is registered in gis_table_meta_rows as type "the_geom"
                          attrString=attrString+"ST_AsText("+name[0]+"),"
                          not_added=False
@@ -224,11 +224,11 @@
                       attrString=attrString+name[0]+","
         attrString=str(attrString).rsplit(",",1)[0] #to remove last ","
         if sortBy:
-            data = self.executeSQL('select %s from "%s"."%s" order by %s'%(attrString,schema,table,sortBy))
+            data = self.executeSQL('select %s from "%s"."%s" order by %%s'%(attrString,sqlName(schema),sqlName(table)),(sortBy,))
         else:
-            data = self.executeSQL('select %s from "%s"."%s"'%(attrString,schema,table))
+            data = self.executeSQL('select %s from "%s"."%s"'%(attrString,sqlName(schema),sqlName(table)))
  #       except:
-            """ table does not exist """
+ #           """ table does not exist """
  #           fields=self.get
   #          self.createEmptyTable(schema, table, fields)
         return data
@@ -245,7 +245,7 @@
         if colorField is None:
             colorField="red"
         # Mapping a set of points from table-based SQL-query:
-        qstr='SELECT * FROM "%s"."%s"'%(schema,table)
+        qstr='SELECT * FROM "%s"."%s"'%(sqlName(schema),sqlName(table))
         idList = None
         if ids is not None:
             qstr += ' WHERE '
@@ -291,16 +291,16 @@
             if len(geocolumn_res['rows'])>0:
                 geocolumn=geocolumn_res['rows'][0][0]
                 try:
-                    geomstr="select astext(st_simplify(transform(%s,4326),0.05)) from %s.%s"%(geocolumn,schema,table) # the string variables have to be added here and not in executeSQL!
+                    geomstr="select astext(st_simplify(transform(%s,4326),0.05)) from %s.%s"%(geocolumn,sqlName(schema),sqlName(table)) # the string variables have to be added here and not in executeSQL!
                     geomdata=self.executeSQL(geomstr)
                     teststr=geomdata.values()[1][0]
                     if (teststr == (u'MULTIPOLYGON EMPTY',)):
-                        geomstr="select astext(st_simplify(transform(%s,4326),0.05)) from %s.%s"%(geocolumn,schema,table) # the string variables have to be added here and not in executeSQL!
+                        geomstr="select astext(st_simplify(transform(%s,4326),0.05)) from %s.%s"%(geocolumn,sqlName(schema),sqlName(table)) # the string variables have to be added here and not in executeSQL!
                         geomdata=self.executeSQL(geomstr)
     
                 except:
                     try:
-                        geomstr="select chgis.astext(chgis.st_simplify(chgis.transform(%s,4326),0.05)) from %s.%s"%(geocolumn,schema,table) # the string variables have to be added here and not in executeSQL!
+                        geomstr="select chgis.astext(chgis.st_simplify(chgis.transform(%s,4326),0.05)) from %s.%s"%(geocolumn,sqlName(schema),sqlName(table)) # the string variables have to be added here and not in executeSQL!
                         geomdata=self.executeSQL(geomstr)                
                     except:
                         geomdata=None