proper quoting of the ORDER BY argument

Ignore-this: 5d2212de0aadcc6c33bcbee4e9072fa darcs-hash:20110204045134-067c0-2e084ef2afb5e0d0c713d645836d11286a1e3d87.gz
author: Eugeniy Mikhailov <evgmik@gmail.com> 2011-02-03 23:51:34 -0500
committer: Eugeniy Mikhailov <evgmik@gmail.com> 2011-02-03 23:51:34 -0500
commit: bdc6a3a084d44a1dcbe20f7ec28dbf43cc3f4b7d (patch)
tree: bd43dbe64b3645d49c4982e2affdc650505edb4c
parent: e2533098067dbfdaca0919706ee31802e16a2ff6 (diff)
download: GradeBook-bdc6a3a084d44a1dcbe20f7ec28dbf43cc3f4b7d.tar.gz
GradeBook-bdc6a3a084d44a1dcbe20f7ec28dbf43cc3f4b7d.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/GradeBook_lib.tcl b/GradeBook_lib.tcl
index 42dd708..81a22a4 100755
--- a/GradeBook_lib.tcl
+++ b/GradeBook_lib.tcl
@@ -172,7 +172,7 @@ proc htmlDBout {db permission_list user {sort_col {}}} {
 		dbg "empty sort col changed to $sort_col" 4
 	} 
 	# testing for the existense of the sorting column
-	set eval_str [list SELECT * FROM GradesTable ORDER BY $sort_col]
+	set eval_str [concat SELECT * FROM GradesTable ORDER BY \"$sort_col\"]
 	set err [catch {db eval $eval_str } errStat]
 	if { $err } {
 		dbg $errStat 3
@@ -222,7 +222,7 @@ proc htmlDBout {db permission_list user {sort_col {}}} {
 	}
 	if { $sql_column_str ne "" } {
 		# get all allowed columns and rows
-		set eval_str [concat SELECT $sql_column_str FROM GradesTable $where_statement ORDER BY $sort_col]
+		set eval_str [concat SELECT $sql_column_str FROM GradesTable $where_statement ORDER BY \"$sort_col\"]
 		set err [catch {
 				db eval $eval_str v {
 					if { $show_header } {
author	Eugeniy Mikhailov <evgmik@gmail.com>	2011-02-03 23:51:34 -0500
committer	Eugeniy Mikhailov <evgmik@gmail.com>	2011-02-03 23:51:34 -0500
commit	bdc6a3a084d44a1dcbe20f7ec28dbf43cc3f4b7d (patch)
tree	bd43dbe64b3645d49c4982e2affdc650505edb4c
parent	e2533098067dbfdaca0919706ee31802e16a2ff6 (diff)
download	GradeBook-bdc6a3a084d44a1dcbe20f7ec28dbf43cc3f4b7d.tar.gz GradeBook-bdc6a3a084d44a1dcbe20f7ec28dbf43cc3f4b7d.zip