Mercurial > urweb
comparison src/sqlite.sml @ 1285:514be09d5018
Better UTF-8 escaping for JavaScript and SQL literals
| author | Adam Chlipala <adam@chlipala.net> |
|---|---|
| date | Tue, 10 Aug 2010 15:55:43 -0400 |
| parents | 459a334345ae |
| children | acabf3935060 |
comparison
equal
deleted
inserted
replaced
| 1284:43ca083678f8 | 1285:514be09d5018 |
|---|---|
| 228 string s]) args, | 228 string s]) args, |
| 229 string ");", | 229 string ");", |
| 230 newline] | 230 newline] |
| 231 in | 231 in |
| 232 box [string "if (sqlite3_prepare_v2(conn->conn, \"", | 232 box [string "if (sqlite3_prepare_v2(conn->conn, \"", |
| 233 string (String.toString s), | 233 string (String.toCString s), |
| 234 string "\", -1, &conn->p", | 234 string "\", -1, &conn->p", |
| 235 string (Int.toString i), | 235 string (Int.toString i), |
| 236 string ", NULL) != SQLITE_OK) {", | 236 string ", NULL) != SQLITE_OK) {", |
| 237 newline, | 237 newline, |
| 238 box [string "char msg[1024];", | 238 box [string "char msg[1024];", |
| 240 string "strncpy(msg, sqlite3_errmsg(conn->conn), 1024);", | 240 string "strncpy(msg, sqlite3_errmsg(conn->conn), 1024);", |
| 241 newline, | 241 newline, |
| 242 string "msg[1023] = 0;", | 242 string "msg[1023] = 0;", |
| 243 newline, | 243 newline, |
| 244 uhoh false ("Error preparing statement: " | 244 uhoh false ("Error preparing statement: " |
| 245 ^ String.toString s ^ "<br />%s") ["msg"]], | 245 ^ String.toCString s ^ "<br />%s") ["msg"]], |
| 246 string "}", | 246 string "}", |
| 247 newline] | 247 newline] |
| 248 end) | 248 end) |
| 249 ss, | 249 ss, |
| 250 | 250 |
| 649 | 649 |
| 650 string "if (stmt == NULL) {", | 650 string "if (stmt == NULL) {", |
| 651 newline], | 651 newline], |
| 652 | 652 |
| 653 string "if (sqlite3_prepare_v2(conn->conn, \"", | 653 string "if (sqlite3_prepare_v2(conn->conn, \"", |
| 654 string (String.toString query), | 654 string (String.toCString query), |
| 655 string "\", -1, &stmt, NULL) != SQLITE_OK) uw_error(ctx, FATAL, \"Error preparing statement: ", | 655 string "\", -1, &stmt, NULL) != SQLITE_OK) uw_error(ctx, FATAL, \"Error preparing statement: ", |
| 656 string (String.toString query), | 656 string (String.toCString query), |
| 657 string "<br />%s\", sqlite3_errmsg(conn->conn));", | 657 string "<br />%s\", sqlite3_errmsg(conn->conn));", |
| 658 newline, | 658 newline, |
| 659 if nested then | 659 if nested then |
| 660 box [string "uw_push_cleanup(ctx, (void (*)(void *))sqlite3_finalize, stmt);", | 660 box [string "uw_push_cleanup(ctx, (void (*)(void *))sqlite3_finalize, stmt);", |
| 661 newline] | 661 newline] |
| 675 | 675 |
| 676 p_inputs loc inputs, | 676 p_inputs loc inputs, |
| 677 newline, | 677 newline, |
| 678 | 678 |
| 679 queryCommon {loc = loc, cols = cols, doCols = doCols, query = box [string "\"", | 679 queryCommon {loc = loc, cols = cols, doCols = doCols, query = box [string "\"", |
| 680 string (String.toString query), | 680 string (String.toCString query), |
| 681 string "\""]}, | 681 string "\""]}, |
| 682 | 682 |
| 683 string "uw_pop_cleanup(ctx);", | 683 string "uw_pop_cleanup(ctx);", |
| 684 newline, | 684 newline, |
| 685 if nested then | 685 if nested then |
| 737 newline, | 737 newline, |
| 738 | 738 |
| 739 string "if (stmt == NULL) {", | 739 string "if (stmt == NULL) {", |
| 740 newline, | 740 newline, |
| 741 box [string "if (sqlite3_prepare_v2(conn->conn, \"", | 741 box [string "if (sqlite3_prepare_v2(conn->conn, \"", |
| 742 string (String.toString dml), | 742 string (String.toCString dml), |
| 743 string "\", -1, &stmt, NULL) != SQLITE_OK) uw_error(ctx, FATAL, \"Error preparing statement: ", | 743 string "\", -1, &stmt, NULL) != SQLITE_OK) uw_error(ctx, FATAL, \"Error preparing statement: ", |
| 744 string (String.toString dml), | 744 string (String.toCString dml), |
| 745 string "<br />%s\", sqlite3_errmsg(conn->conn));", | 745 string "<br />%s\", sqlite3_errmsg(conn->conn));", |
| 746 newline, | 746 newline, |
| 747 string "conn->p", | 747 string "conn->p", |
| 748 string (Int.toString id), | 748 string (Int.toString id), |
| 749 string " = stmt;", | 749 string " = stmt;", |
| 758 | 758 |
| 759 p_inputs loc inputs, | 759 p_inputs loc inputs, |
| 760 newline, | 760 newline, |
| 761 | 761 |
| 762 dmlCommon {loc = loc, dml = box [string "\"", | 762 dmlCommon {loc = loc, dml = box [string "\"", |
| 763 string (String.toString dml), | 763 string (String.toCString dml), |
| 764 string "\""]}, | 764 string "\""]}, |
| 765 | 765 |
| 766 string "uw_pop_cleanup(ctx);", | 766 string "uw_pop_cleanup(ctx);", |
| 767 newline, | 767 newline, |
| 768 string "uw_pop_cleanup(ctx);", | 768 string "uw_pop_cleanup(ctx);", |
| 798 | 798 |
| 799 fun nextvalPrepared _ = raise Fail "SQLite.nextvalPrepared called" | 799 fun nextvalPrepared _ = raise Fail "SQLite.nextvalPrepared called" |
| 800 fun setval _ = raise Fail "SQLite.setval called" | 800 fun setval _ = raise Fail "SQLite.setval called" |
| 801 | 801 |
| 802 fun sqlifyString s = "'" ^ String.translate (fn #"'" => "''" | 802 fun sqlifyString s = "'" ^ String.translate (fn #"'" => "''" |
| 803 | ch => | 803 | #"\000" => "" |
| 804 if Char.isPrint ch then | 804 | ch => str ch) |
| 805 str ch | 805 s ^ "'" |
| 806 else | |
| 807 (ErrorMsg.error | |
| 808 "Non-printing character found in SQL string literal"; | |
| 809 "")) | |
| 810 (String.toString s) ^ "'" | |
| 811 | 806 |
| 812 fun p_cast (s, _) = s | 807 fun p_cast (s, _) = s |
| 813 | 808 |
| 814 fun p_blank _ = "?" | 809 fun p_blank _ = "?" |
| 815 | 810 |