Mercurial > urweb
comparison src/mysql.sml @ 1285:514be09d5018
Better UTF-8 escaping for JavaScript and SQL literals
| author | Adam Chlipala <adam@chlipala.net> |
|---|---|
| date | Tue, 10 Aug 2010 15:55:43 -0400 |
| parents | 134da5110bf7 |
| children | acabf3935060 |
comparison
equal
deleted
inserted
replaced
| 1284:43ca083678f8 | 1285:514be09d5018 |
|---|---|
| 342 val unix_socket = ref NONE | 342 val unix_socket = ref NONE |
| 343 | 343 |
| 344 fun stringOf r = case !r of | 344 fun stringOf r = case !r of |
| 345 NONE => string "NULL" | 345 NONE => string "NULL" |
| 346 | SOME s => box [string "\"", | 346 | SOME s => box [string "\"", |
| 347 string (String.toString s), | 347 string (String.toCString s), |
| 348 string "\""] | 348 string "\""] |
| 349 in | 349 in |
| 350 app (fn s => | 350 app (fn s => |
| 351 case String.fields (fn ch => ch = #"=") s of | 351 case String.fields (fn ch => ch = #"=") s of |
| 352 [name, value] => | 352 [name, value] => |
| 475 string (Int.toString i), | 475 string (Int.toString i), |
| 476 string " = stmt;", | 476 string " = stmt;", |
| 477 newline, | 477 newline, |
| 478 | 478 |
| 479 string "if (mysql_stmt_prepare(stmt, \"", | 479 string "if (mysql_stmt_prepare(stmt, \"", |
| 480 string (String.toString s), | 480 string (String.toCString s), |
| 481 string "\", ", | 481 string "\", ", |
| 482 string (Int.toString (size s)), | 482 string (Int.toString (size s)), |
| 483 string ")) {", | 483 string ")) {", |
| 484 newline, | 484 newline, |
| 485 box [string "char msg[1024];", | 485 box [string "char msg[1024];", |
| 972 box [string "uw_push_cleanup(ctx, (void (*)(void *))mysql_stmt_close, stmt);", | 972 box [string "uw_push_cleanup(ctx, (void (*)(void *))mysql_stmt_close, stmt);", |
| 973 newline] | 973 newline] |
| 974 else | 974 else |
| 975 box [], | 975 box [], |
| 976 string "if (mysql_stmt_prepare(stmt, \"", | 976 string "if (mysql_stmt_prepare(stmt, \"", |
| 977 string (String.toString query), | 977 string (String.toCString query), |
| 978 string "\", ", | 978 string "\", ", |
| 979 string (Int.toString (size query)), | 979 string (Int.toString (size query)), |
| 980 string ")) {", | 980 string ")) {", |
| 981 newline, | 981 newline, |
| 982 box [string "char msg[1024];", | 982 box [string "char msg[1024];", |
| 1183 string (ErrorMsg.spanToString loc), | 1183 string (ErrorMsg.spanToString loc), |
| 1184 string ": error binding parameters\");", | 1184 string ": error binding parameters\");", |
| 1185 newline, | 1185 newline, |
| 1186 | 1186 |
| 1187 queryCommon {loc = loc, cols = cols, doCols = doCols, query = box [string "\"", | 1187 queryCommon {loc = loc, cols = cols, doCols = doCols, query = box [string "\"", |
| 1188 string (String.toString query), | 1188 string (String.toCString query), |
| 1189 string "\""]}, | 1189 string "\""]}, |
| 1190 | 1190 |
| 1191 if nested then | 1191 if nested then |
| 1192 box [string "uw_pop_cleanup(ctx);", | 1192 box [string "uw_pop_cleanup(ctx);", |
| 1193 newline] | 1193 newline] |
| 1274 box [string "stmt = mysql_stmt_init(conn->conn);", | 1274 box [string "stmt = mysql_stmt_init(conn->conn);", |
| 1275 newline, | 1275 newline, |
| 1276 string "if (stmt == NULL) uw_error(ctx, FATAL, \"Out of memory allocating prepared statement\");", | 1276 string "if (stmt == NULL) uw_error(ctx, FATAL, \"Out of memory allocating prepared statement\");", |
| 1277 newline, | 1277 newline, |
| 1278 string "if (mysql_stmt_prepare(stmt, \"", | 1278 string "if (mysql_stmt_prepare(stmt, \"", |
| 1279 string (String.toString dml), | 1279 string (String.toCString dml), |
| 1280 string "\", ", | 1280 string "\", ", |
| 1281 string (Int.toString (size dml)), | 1281 string (Int.toString (size dml)), |
| 1282 string ")) {", | 1282 string ")) {", |
| 1283 newline, | 1283 newline, |
| 1284 box [string "char msg[1024];", | 1284 box [string "char msg[1024];", |
| 1468 string (ErrorMsg.spanToString loc), | 1468 string (ErrorMsg.spanToString loc), |
| 1469 string ": error binding parameters\");", | 1469 string ": error binding parameters\");", |
| 1470 newline, | 1470 newline, |
| 1471 | 1471 |
| 1472 dmlCommon {loc = loc, dml = box [string "\"", | 1472 dmlCommon {loc = loc, dml = box [string "\"", |
| 1473 string (String.toString dml), | 1473 string (String.toCString dml), |
| 1474 string "\""]}] | 1474 string "\""]}] |
| 1475 | 1475 |
| 1476 fun nextval {loc, seqE, seqName} = | 1476 fun nextval {loc, seqE, seqName} = |
| 1477 box [string "uw_conn *conn = uw_get_db(ctx);", | 1477 box [string "uw_conn *conn = uw_get_db(ctx);", |
| 1478 newline, | 1478 newline, |
| 1512 str ch | 1512 str ch |
| 1513 else | 1513 else |
| 1514 (ErrorMsg.error | 1514 (ErrorMsg.error |
| 1515 "Non-printing character found in SQL string literal"; | 1515 "Non-printing character found in SQL string literal"; |
| 1516 "")) | 1516 "")) |
| 1517 (String.toString s) ^ "'" | 1517 (String.toCString s) ^ "'" |
| 1518 | 1518 |
| 1519 fun p_cast (s, _) = s | 1519 fun p_cast (s, _) = s |
| 1520 | 1520 |
| 1521 fun p_blank _ = "?" | 1521 fun p_blank _ = "?" |
| 1522 | 1522 |