Fossil SCM

Fill in SQL parameters in report formats using HTTP query parameter values.

drh 2016-08-22 15:20 trunk

Commit 0ef09dc9cd8b7bad61930e7e3a18a6db651fecdb

Parent 253795692b31080…

1 file changed +13 -3

M src/report.c

+13 -3

		--- src/report.c
		+++ src/report.c
		@@ -896,10 +896,11 @@
896	896	sqlite3_stmt pStmt = 0; / The current SQL statement */
897	897	const char *azCols = 0; / Names of result columns */
898	898	int nCol; /* Number of columns of output */
899	899	const char *azVals = 0; / Text of all output columns */
900	900	int i; /* Loop counter */
	901	+ int nVar; /* Number of parameters */
901	902
902	903	pStmt = 0;
903	904	rc = sqlite3_prepare_v2(db, zSql, -1, &pStmt, &zLeftover);
904	905	assert( rc==SQLITE_OK \|\| pStmt==0 );
905	906	if( rc!=SQLITE_OK ){
		@@ -912,13 +913,22 @@
912	913	if( !sqlite3_stmt_readonly(pStmt) ){
913	914	sqlite3_finalize(pStmt);
914	915	return SQLITE_ERROR;
915	916	}
916	917
917		- i = sqlite3_bind_parameter_index(pStmt, "$login");
918		- if( i ) sqlite3_bind_text(pStmt, i, g.zLogin, -1, SQLITE_TRANSIENT);
919		-
	918	+ nVar = sqlite3_bind_parameter_count(pStmt);
	919	+ for(i=1; i<=nVar; i++){
	920	+ const char *zVar = sqlite3_bind_parameter_name(pStmt, i);
	921	+ if( zVar==0 ) continue;
	922	+ if( zVar[0]!='$' && zVar[0]!='$' && zVar[0]!=':' ) continue;
	923	+ if( !fossil_islower(zVar[1]) ) continue;
	924	+ if( strcmp(zVar, "$login")==0 ){
	925	+ sqlite3_bind_text(pStmt, i, g.zLogin, -1, SQLITE_TRANSIENT);
	926	+ }else{
	927	+ sqlite3_bind_text(pStmt, i, P(zVar+1), -1, SQLITE_TRANSIENT);
	928	+ }
	929	+ }
920	930	nCol = sqlite3_column_count(pStmt);
921	931	azVals = fossil_malloc(2nColsizeof(const char*) + 1);
922	932	while( (rc = sqlite3_step(pStmt))==SQLITE_ROW ){
923	933	if( azCols==0 ){
924	934	azCols = &azVals[nCol];
925	935

	--- src/report.c
	+++ src/report.c
	@@ -896,10 +896,11 @@
896	sqlite3_stmt pStmt = 0; / The current SQL statement */
897	const char *azCols = 0; / Names of result columns */
898	int nCol; /* Number of columns of output */
899	const char *azVals = 0; / Text of all output columns */
900	int i; /* Loop counter */

901
902	pStmt = 0;
903	rc = sqlite3_prepare_v2(db, zSql, -1, &pStmt, &zLeftover);
904	assert( rc==SQLITE_OK \|\| pStmt==0 );
905	if( rc!=SQLITE_OK ){
	@@ -912,13 +913,22 @@
912	if( !sqlite3_stmt_readonly(pStmt) ){
913	sqlite3_finalize(pStmt);
914	return SQLITE_ERROR;
915	}
916
917	i = sqlite3_bind_parameter_index(pStmt, "$login");
918	if( i ) sqlite3_bind_text(pStmt, i, g.zLogin, -1, SQLITE_TRANSIENT);
919









920	nCol = sqlite3_column_count(pStmt);
921	azVals = fossil_malloc(2nColsizeof(const char*) + 1);
922	while( (rc = sqlite3_step(pStmt))==SQLITE_ROW ){
923	if( azCols==0 ){
924	azCols = &azVals[nCol];
925

	--- src/report.c
	+++ src/report.c
	@@ -896,10 +896,11 @@
896	sqlite3_stmt pStmt = 0; / The current SQL statement */
897	const char *azCols = 0; / Names of result columns */
898	int nCol; /* Number of columns of output */
899	const char *azVals = 0; / Text of all output columns */
900	int i; /* Loop counter */
901	int nVar; /* Number of parameters */
902
903	pStmt = 0;
904	rc = sqlite3_prepare_v2(db, zSql, -1, &pStmt, &zLeftover);
905	assert( rc==SQLITE_OK \|\| pStmt==0 );
906	if( rc!=SQLITE_OK ){
	@@ -912,13 +913,22 @@
913	if( !sqlite3_stmt_readonly(pStmt) ){
914	sqlite3_finalize(pStmt);
915	return SQLITE_ERROR;
916	}
917
918	nVar = sqlite3_bind_parameter_count(pStmt);
919	for(i=1; i<=nVar; i++){
920	const char *zVar = sqlite3_bind_parameter_name(pStmt, i);
921	if( zVar==0 ) continue;
922	if( zVar[0]!='$' && zVar[0]!='$' && zVar[0]!=':' ) continue;
923	if( !fossil_islower(zVar[1]) ) continue;
924	if( strcmp(zVar, "$login")==0 ){
925	sqlite3_bind_text(pStmt, i, g.zLogin, -1, SQLITE_TRANSIENT);
926	}else{
927	sqlite3_bind_text(pStmt, i, P(zVar+1), -1, SQLITE_TRANSIENT);
928	}
929	}
930	nCol = sqlite3_column_count(pStmt);
931	azVals = fossil_malloc(2nColsizeof(const char*) + 1);
932	while( (rc = sqlite3_step(pStmt))==SQLITE_ROW ){
933	if( azCols==0 ){
934	azCols = &azVals[nCol];
935