$artist =~ s/\[\[//g;
# minimal SQL escaping
- $songname =~ s/'/\'/g;
- $artist =~ s/'/\'/g;
+ $songname =~ s/'/\\'/g;
+ $artist =~ s/'/\\'/g;
$maxbpm = $minbpm if (!defined($maxbpm));
($maxbpm,$minbpm) = ($minbpm,$maxbpm) if ($maxbpm < $minbpm);
for my $t (['single', 'beginner', $sb],
['single', 'standard', $ss],
- ['single', 'difficulty', $sd],
+ ['single', 'difficult', $sd],
['single', 'expert', $se],
['double', 'standard', $ds],
- ['double', 'difficulty', $dd],
+ ['double', 'difficult', $dd],
['double', 'expert', $de]) {
printf "INSERT INTO songratings (song,playmode,difficulty,feetrating) VALUES ((SELECT song FROM songs WHERE title='%s'),'%s','%s',%u);\n",
$songname, $t->[0], $t->[1], $t->[2];