From bdc6a3a084d44a1dcbe20f7ec28dbf43cc3f4b7d Mon Sep 17 00:00:00 2001
From: Eugeniy Mikhailov
Date: Thu, 3 Feb 2011 23:51:34 -0500
Subject: proper quoting of the ORDER BY argument
Ignore-this: 5d2212de0aadcc6c33bcbee4e9072fa
darcs-hash:20110204045134-067c0-2e084ef2afb5e0d0c713d645836d11286a1e3d87.gz
---
 GradeBook_lib.tcl | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/GradeBook_lib.tcl b/GradeBook_lib.tcl
index 42dd708..81a22a4 100755
--- a/GradeBook_lib.tcl
+++ b/GradeBook_lib.tcl
@@ -172,7 +172,7 @@ proc htmlDBout {db permission_list user {sort_col {}}} {
 dbg "empty sort col changed to $sort_col" 4
 }
 # testing for the existense of the sorting column
- set eval_str [list SELECT * FROM GradesTable ORDER BY $sort_col]
+ set eval_str [concat SELECT * FROM GradesTable ORDER BY \"$sort_col\"]
 set err [catch {db eval $eval_str } errStat]
 if { $err } {
 dbg $errStat 3
@@ -222,7 +222,7 @@ proc htmlDBout {db permission_list user {sort_col {}}} {
 }
 if { $sql_column_str ne "" } {
 # get all allowed columns and rows
- set eval_str [concat SELECT $sql_column_str FROM GradesTable $where_statement ORDER BY $sort_col]
+ set eval_str [concat SELECT $sql_column_str FROM GradesTable $where_statement ORDER BY \"$sort_col\"]
 set err [catch {
 db eval $eval_str v {
 if { $show_header } {
-- 
cgit v1.2.3
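Review bot: Wrapping `$sort_col` in `\"…\"` in the first hunk does not neutralise a double quote inside the value itself, so a sort column containing `"` still ends the identifier early and the rest is parsed as SQL; the second hunk builds its query the same way and has the same gap. Identifiers cannot be passed as bound parameters, so the more robust form is to compare `$sort_col` against the table's known column names before building the string, and at minimum to double embedded quotes, e.g. `ORDER BY \"[string map {\" \"\"} $sort_col]\"`. If `db` is a SQLite handle, as the `db eval` calls suggest, a double-quoted name that matches no column is commonly accepted as a string literal rather than rejected, so the `catch`-based existence test in the first hunk may stop reporting unknown columns after this change; that is worth confirming with a deliberately wrong column name. htmlDBout begins and ends outside both hunks, so where `sort_col` originates and how the error branch falls back are not visible here.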