Properly escape everywhere

tag.sh

@@ -16,7 +16,7 @@ set -ueo pipefail
 # TODO: adjust sqlite_insert_multiple to allow defining columns per insert, currently it's hardcoded to 2
 # TODO: merge sqlite_insert_single and sqlite_insert_multiple probably as result of the above
 
-SCRIPT_DIR=$(dirname $(readlink "$0"))
+SCRIPT_DIR=$(dirname "$(readlink "$0")")
 SCRIPT_NAME=$(basename "$0")
 
 
@@ -152,10 +152,10 @@ add_path() {
     for FILE in "$@"; do
         [ ! -f "$FILE" ] && fail "File '$FILE' does not exist in the specified path."
         local FILENAME=$(basename "$FILE")
-        local FILEPATH=$(realpath $(dirname "$FILE"))
+        local FILEPATH=$(realpath "$(dirname "$FILE")")
         file_exists_in_db "$FILE" && fail "File '$FILE' already exists in database."
-        FILES+=("'$FILENAME'")
-        FILES+=("'$FILEPATH'")
+        FILES+=("\"$FILENAME\"")
+        FILES+=("\"$FILEPATH\"")
     done
     sqlite_insert_multi "$TABLE" "$COLUMN" "${FILES[@]}"
 }
@@ -179,7 +179,7 @@ add_path_auto() {
 tag_exists_in_db() {
     # $TAGLABEL
     TAG=${1:-}
-    RESULT=$(sqlite_query "SELECT id FROM tags WHERE label = '$TAG'")
+    RESULT=$(sqlite_query "SELECT id FROM tags WHERE label = \"$TAG\"")
     if [[ -z "$RESULT" ]]; then
         return 1
     else
@@ -200,9 +200,9 @@ file_exists_in_db() {
 file_by_filename() {
     # FILENAME
     local FILENAME=$(basename "${1:-}")
-    local FILEPATH=$(realpath $(dirname "${1:-}"))
+    local FILEPATH=$(realpath "$(dirname "${1:-}")")
     local RESULT=0
-    RESULT=$(sqlite_query "SELECT id FROM files WHERE filename = '$FILENAME' AND path = '$FILEPATH'")
+    RESULT=$(sqlite_query "SELECT id FROM files WHERE filename = \"$FILENAME\" AND path = \"$FILEPATH\"")
     echo $RESULT
 }