From aa9346222e950e2b536d767a197ad2f5504ca4c5 Mon Sep 17 00:00:00 2001
From: JackDandy <jackdandy@users.noreply.github.com>
Date: Sat, 13 Dec 2014 02:46:14 +0000
Subject: [PATCH] Fix SQL statements that have dynamic table names to use
 proper syntax.

---
 CHANGES.md                     |  1 +
 sickbeard/blackandwhitelist.py |  8 ++++----
 sickbeard/db.py                | 26 +++++++++++++-------------
 3 files changed, 18 insertions(+), 17 deletions(-)

diff --git a/CHANGES.md b/CHANGES.md
index 97b6b20b..656b3ea3 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -25,6 +25,7 @@
 * Overhaul all Add Show pages
 * Fix Display Show next/previous when show list is split
 * Change Display Show next/previous when show list is not split to loop around
+* Fix SQL statements that have dynamic table names to use proper syntax
 
 [develop changelog]
 * Add TVRage network name standardization
diff --git a/sickbeard/blackandwhitelist.py b/sickbeard/blackandwhitelist.py
index 70b35cd0..40414b73 100644
--- a/sickbeard/blackandwhitelist.py
+++ b/sickbeard/blackandwhitelist.py
@@ -98,7 +98,7 @@ class BlackAndWhiteList(object):
     def _add_keywords(self, table, range, values):
         myDB = db.DBConnection()
         for value in values:
-            myDB.action("INSERT INTO " + table + " (show_id, range , keyword) VALUES (?,?,?)", [self.show_id, range, value])
+            myDB.action("INSERT INTO [" + table + "] (show_id, range , keyword) VALUES (?,?,?)", [self.show_id, range, value])
 
         self.refresh()
 
@@ -117,18 +117,18 @@ class BlackAndWhiteList(object):
     def _del_all_keywords(self, table):
         logger.log(u"Deleting all " + table + " keywords for " + str(self.show_id), logger.DEBUG)
         myDB = db.DBConnection()
-        myDB.action("DELETE FROM " + table + " WHERE show_id = ?", [self.show_id])
+        myDB.action("DELETE FROM [" + table + "] WHERE show_id = ?", [self.show_id])
         self.refresh()
 
     def _del_all_keywords_for(self, table, range):
         logger.log(u"Deleting all " + range + " " + table + " keywords for " + str(self.show_id), logger.DEBUG)
         myDB = db.DBConnection()
-        myDB.action("DELETE FROM " + table + " WHERE show_id = ? and range = ?", [self.show_id, range])
+        myDB.action("DELETE FROM [" + table + "] WHERE show_id = ? and range = ?", [self.show_id, range])
         self.refresh()
 
     def _load_list(self, table):
         myDB = db.DBConnection()
-        sqlResults = myDB.select("SELECT range,keyword FROM " + table + " WHERE show_id = ? ", [self.show_id])
+        sqlResults = myDB.select("SELECT range,keyword FROM [" + table + "] WHERE show_id = ? ", [self.show_id])
         if not sqlResults or not len(sqlResults):
             return ([], {})
 
diff --git a/sickbeard/db.py b/sickbeard/db.py
index 87acb169..2d521e1f 100644
--- a/sickbeard/db.py
+++ b/sickbeard/db.py
@@ -229,20 +229,20 @@ class DBConnection(object):
 
         genParams = lambda myDict: [x + " = ?" for x in myDict.keys()]
 
-        query = "UPDATE " + tableName + " SET " + ", ".join(genParams(valueDict)) + " WHERE " + " AND ".join(
+        query = "UPDATE [" + tableName + "] SET " + ", ".join(genParams(valueDict)) + " WHERE " + " AND ".join(
             genParams(keyDict))
 
         self.action(query, valueDict.values() + keyDict.values())
 
         if self.connection.total_changes == changesBefore:
-            query = "INSERT INTO " + tableName + " (" + ", ".join(valueDict.keys() + keyDict.keys()) + ")" + \
+            query = "INSERT INTO [" + tableName + "] (" + ", ".join(valueDict.keys() + keyDict.keys()) + ")" + \
                     " VALUES (" + ", ".join(["?"] * len(valueDict.keys() + keyDict.keys())) + ")"
             self.action(query, valueDict.values() + keyDict.values())
 
     def tableInfo(self, tableName):
 
         # FIXME ? binding is not supported here, but I cannot find a way to escape a string manually
-        sqlResult = self.select("PRAGMA table_info(%s)" % tableName)
+        sqlResult = self.select("PRAGMA table_info([%s])" % tableName)
         columns = {}
         for column in sqlResult:
             columns[column['name']] = {'type': column['type']}
@@ -262,8 +262,8 @@ class DBConnection(object):
         return column in self.tableInfo(tableName)
 
     def addColumn(self, table, column, type="NUMERIC", default=0):
-        self.action("ALTER TABLE %s ADD %s %s" % (table, column, type))
-        self.action("UPDATE %s SET %s = ?" % (table, column), (default,))
+        self.action("ALTER TABLE [%s] ADD %s %s" % (table, column, type))
+        self.action("UPDATE [%s] SET %s = ?" % (table, column), (default,))
 
     def close(self):
         """Close database connection"""
@@ -353,12 +353,12 @@ class SchemaUpgrade(object):
         return column in self.connection.tableInfo(tableName)
 
     def addColumn(self, table, column, type="NUMERIC", default=0):
-        self.connection.action("ALTER TABLE %s ADD %s %s" % (table, column, type))
-        self.connection.action("UPDATE %s SET %s = ?" % (table, column), (default,))
+        self.connection.action("ALTER TABLE [%s] ADD %s %s" % (table, column, type))
+        self.connection.action("UPDATE [%s] SET %s = ?" % (table, column), (default,))
 
     def dropColumn(self, table, column):
         # get old table columns and store the ones we want to keep
-        result = self.connection.select('pragma table_info(%s)' % table)
+        result = self.connection.select('pragma table_info([%s])' % table)
         keptColumns = [c for c in result if c['name'] != column]
 
         keptColumnsNames = []
@@ -395,21 +395,21 @@ class SchemaUpgrade(object):
 
         # generate sql for the new table creation
         if len(pk) == 0:
-            sql = 'CREATE TABLE %s_new (%s)' % (table, final)
+            sql = 'CREATE TABLE [%s_new] (%s)' % (table, final)
         else:
             pk = ', '.join(pk)
-            sql = 'CREATE TABLE %s_new (%s, PRIMARY KEY(%s))' % (table, final, pk)
+            sql = 'CREATE TABLE [%s_new] (%s, PRIMARY KEY(%s))' % (table, final, pk)
 
         # create new temporary table and copy the old table data across, barring the removed column
         self.connection.action(sql)
-        self.connection.action('INSERT INTO %s_new SELECT %s FROM %s' % (table, keptColumnsNames, table))
+        self.connection.action('INSERT INTO [%s_new] SELECT %s FROM [%s]' % (table, keptColumnsNames, table))
 
         # copy the old indexes from the old table
         result = self.connection.select('SELECT sql FROM sqlite_master WHERE tbl_name=? and type="index"', [table])
 
         # remove the old table and rename the new table to take it's place
-        self.connection.action('DROP TABLE %s' % table)
-        self.connection.action('ALTER TABLE %s_new RENAME TO %s' % (table, table))
+        self.connection.action('DROP TABLE [%s]' % table)
+        self.connection.action('ALTER TABLE [%s_new] RENAME TO [%s]' % (table, table))
 
         # write any indexes to the new table
         if len(result) > 0: