Parameters for sql execute

src/models/User.cpp

@@ -19,22 +19,37 @@ User::~User() {
 bool User::submitChange() {
     static QString updateSQL = "update Account %1 %2";
     QString setString = "";
+    QMap<QString,QVariant> params;
     #define USER_READONLY_PROPERTY(name)
     #define USER_PROPERTY(name)\
     USER_READONLY_PROPERTY(name)\
-    setString += QString((!setString.isEmpty()&&mf_##name)?", ":"") + QString(mf_##name?QString("set %1='%2'").arg(#name, m_##name):"");
+    if (mf_##name){\
+        setString += QString((!setString.isEmpty())?", ":"") + QString(QString("set %1=%2").arg(#name, ":" #name));\
+        params[":" #name] = m_##name;\
+    }
     USER_PROPERTIES_MACRO()
     #undef USER_PROPERTY
     #undef USER_READONLY_PROPERTY
     QString whereString = " where "+getIndexName()+" = '"+getIndexValue()+"'";
-    return 1 == SQLHelper::ExecuteNoQuery(updateSQL.arg(setString,whereString));
+    bool result = 1 == SQLHelper::ExecuteNoQuery(updateSQL.arg(setString,whereString),&params);
+    if (result)
+    {
+        #define USER_READONLY_PROPERTY(name)
+        #define USER_PROPERTY(name) USER_READONLY_PROPERTY(name) mf_##name = false;
+        USER_PROPERTIES_MACRO()
+        #undef USER_PROPERTY
+        #undef USER_READONLY_PROPERTY
+    }
+    return result;
 }
 
 bool User::QueryUser(QString userID, QString Pwd) {
-    QString sql = QString("select * from Account where UserCode='%1' and Password='%2'")
-            .arg(userID).arg(Pwd);
+    QString sql = QString("select * from Account where UserCode=:userID and Password=:pwd");
     QMap<QString,QVariant> map;
-    SQLHelper::Query(sql, map);
+    QMap<QString,QVariant> params;
+    params[":userID"] = userID;
+    params[":pwd"] = Pwd;
+    SQLHelper::QueryFirst(sql, map, &params);
     if(!map.isEmpty())
     {
         if (!currentUser) currentUser = new User;

src/models/User.h

@@ -15,10 +15,18 @@ USER_PROPERTY(Comment)
 
 
 #include <QObject>
+#include <QtCore/QCryptographicHash>
+
 class User:public QObject {
     Q_OBJECT
 public:
     static bool QueryUser(QString userID, QString Pwd);
+    static QString getEncryptedPassword(const QString& password)
+    {
+        QByteArray bytePwd = password.toLatin1();
+        QByteArray bytePwdMd5 = QCryptographicHash::hash(bytePwd, QCryptographicHash::Md5);
+        return bytePwdMd5.toHex();
+    }
     static User* Current(){
         return currentUser;
     }
@@ -46,7 +54,10 @@ public:
     USER_PROPERTIES_MACRO()
     #undef USER_PROPERTY
     #undef USER_READONLY_PROPERTY
-
+    void restorePassword(const QString& original_pwd){
+        m_Password = original_pwd;
+        mf_Password = false;
+    }
     bool submitChange();
 private:
     static User* currentUser;