Fix SQL escaping in wiki parser.

[ccbs] / parse / parse-wiki-songlist.pl

diff --git a/parse/parse-wiki-songlist.pl b/parse/parse-wiki-songlist.pl
index bfd4ccfb6a44e6f7a15a06c956912615bea0f4aa..169dbd26552cbde95c68eaf7dae5e7958a063256 100644 (file)
--- a/parse/parse-wiki-songlist.pl
+++ b/parse/parse-wiki-songlist.pl
@@ -27,8 +27,8 @@ while (<>) {
        $artist =~ s/\[\[//g;
 
        # minimal SQL escaping
-       $songname =~ s/'/\'/g;
-       $artist =~ s/'/\'/g;
+       $songname =~ s/'/\\'/g;
+       $artist =~ s/'/\\'/g;
 
        $maxbpm = $minbpm if (!defined($maxbpm));
        ($maxbpm,$minbpm) = ($minbpm,$maxbpm) if ($maxbpm < $minbpm);
@@ -38,10 +38,10 @@ while (<>) {
        
        for my $t (['single', 'beginner', $sb],
                    ['single', 'standard', $ss],
-                   ['single', 'difficulty', $sd],
+                   ['single', 'difficult', $sd],
                    ['single', 'expert', $se],
                    ['double', 'standard', $ds],
-                   ['double', 'difficulty', $dd],
+                   ['double', 'difficult', $dd],
                    ['double', 'expert', $de]) {
                printf "INSERT INTO songratings (song,playmode,difficulty,feetrating) VALUES ((SELECT song FROM songs WHERE title='%s'),'%s','%s',%u);\n",
                        $songname, $t->[0], $t->[1], $t->[2];