Ah, I see the problem:
my $sql = ("SELECT url, playCount, lastPlayed, rating FROM
track_statistics where url='$searchString'");
...
$sth->execute();
I believe this works:
my $sql = ("SELECT url, playCount, lastPlayed, rating FROM
track_statistics where url=?");
...
$sth->execute($searchString);
That will force the DBI layer to escape/quote things.
sendTrackToStorage should have the same thing (it's not getting that
far when I have a single quote, but it will if the lines above
change).
--
snarlydwarf
------------------------------------------------------------------------
snarlydwarf's Profile: http://forums.slimdevices.com/member.php?userid=1179
View this thread: http://forums.slimdevices.com/showthread.php?t=20533
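
The difference between the two forms in the post above, as an added example (not code from the plugin or from the poster). It assumes DBD::SQLite is installed and uses an in-memory table; store_track and find_track are hypothetical names, and the sample URL is constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumption: DBD::SQLite is available; an in-memory database stands in
# for the plugin's real statistics store.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0, AutoCommit => 1 });

$dbh->do('CREATE TABLE track_statistics
          (url TEXT PRIMARY KEY, playCount INTEGER, lastPlayed INTEGER, rating INTEGER)');

# Constructed sample URL containing a single quote, the case from the thread.
my $searchString = "file:///music/Guns N' Roses/track01.mp3";

# Write path (hypothetical stand-in for sendTrackToStorage): placeholders only.
sub store_track {
    my ($url, $playCount, $lastPlayed, $rating) = @_;
    my $sth = $dbh->prepare(
        'INSERT OR REPLACE INTO track_statistics (url, playCount, lastPlayed, rating)
         VALUES (?, ?, ?, ?)');
    $sth->execute($url, $playCount, $lastPlayed, $rating);
}

# Read path: the value is bound at execute(), never spliced into the SQL text.
sub find_track {
    my ($url) = @_;
    my $sth = $dbh->prepare(
        'SELECT url, playCount, lastPlayed, rating FROM track_statistics WHERE url=?');
    $sth->execute($url);
    return $sth->fetchrow_hashref;
}

store_track($searchString, 3, 1136073600, 4);

# Interpolated form from the post: the quote inside the URL ends the SQL
# string literal early, so the statement no longer parses and DBI dies.
my $ok = eval {
    my $sth = $dbh->prepare(
        "SELECT url, playCount FROM track_statistics WHERE url='$searchString'");
    $sth->execute();
    1;
};
print "interpolated query: ", ($ok ? "ran\n" : "failed: $@");

my $row = find_track($searchString);
print "placeholder query:  found playCount=$row->{playCount} for $row->{url}\n";
```

With RaiseError set, the interpolated statement fails inside the eval, while the bound version stores and retrieves the same URL unchanged.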