comparison src/sqlite.sml @ 1285:514be09d5018
Better UTF-8 escaping for JavaScript and SQL literals
author | Adam Chlipala <adam@chlipala.net> |
---|---|
date | Tue, 10 Aug 2010 15:55:43 -0400 |
parents | 459a334345ae |
children | acabf3935060 |
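--- a/src/sqlite.sml
+++ b/src/sqlite.sml
@@ -228,11 +228,11 @@
 string s]) args,
 string ");",
 newline]
 in
 box [string "if (sqlite3_prepare_v2(conn->conn, \"",
-string (String.toString s),
+string (String.toCString s),
 string "\", -1, &conn->p",
 string (Int.toString i),
 string ", NULL) != SQLITE_OK) {",
 newline,
 box [string "char msg[1024];",
@@ -240,11 +240,11 @@
 string "strncpy(msg, sqlite3_errmsg(conn->conn), 1024);",
 newline,
 string "msg[1023] = 0;",
 newline,
 uhoh false ("Error preparing statement: "
-^ String.toString s ^ "<br />%s") ["msg"]],
+^ String.toCString s ^ "<br />%s") ["msg"]],
 string "}",
 newline]
 end)
 ss,
 
@@ -649,13 +649,13 @@
 
 string "if (stmt == NULL) {",
 newline],
 
 string "if (sqlite3_prepare_v2(conn->conn, \"",
-string (String.toString query),
+string (String.toCString query),
 string "\", -1, &stmt, NULL) != SQLITE_OK) uw_error(ctx, FATAL, \"Error preparing statement: ",
-string (String.toString query),
+string (String.toCString query),
 string "<br />%s\", sqlite3_errmsg(conn->conn));",
 newline,
 if nested then
 box [string "uw_push_cleanup(ctx, (void (*)(void *))sqlite3_finalize, stmt);",
 newline]
@@ -675,11 +675,11 @@
 
 p_inputs loc inputs,
 newline,
 
 queryCommon {loc = loc, cols = cols, doCols = doCols, query = box [string "\"",
-string (String.toString query),
+string (String.toCString query),
 string "\""]},
 
 string "uw_pop_cleanup(ctx);",
 newline,
 if nested then
@@ -737,13 +737,13 @@
 newline,
 
 string "if (stmt == NULL) {",
 newline,
 box [string "if (sqlite3_prepare_v2(conn->conn, \"",
-string (String.toString dml),
+string (String.toCString dml),
 string "\", -1, &stmt, NULL) != SQLITE_OK) uw_error(ctx, FATAL, \"Error preparing statement: ",
-string (String.toString dml),
+string (String.toCString dml),
 string "<br />%s\", sqlite3_errmsg(conn->conn));",
 newline,
 string "conn->p",
 string (Int.toString id),
 string " = stmt;",
@@ -758,11 +758,11 @@
 
 p_inputs loc inputs,
 newline,
 
 dmlCommon {loc = loc, dml = box [string "\"",
-string (String.toString dml),
+string (String.toCString dml),
 string "\""]},
 
 string "uw_pop_cleanup(ctx);",
 newline,
 string "uw_pop_cleanup(ctx);",
@@ -798,18 +798,13 @@
 
 fun nextvalPrepared _ = raise Fail "SQLite.nextvalPrepared called"
 fun setval _ = raise Fail "SQLite.setval called"
 
 fun sqlifyString s = "'" ^ String.translate (fn #"'" => "''"
-| ch =>
-if Char.isPrint ch then
-str ch
-else
-(ErrorMsg.error
-"Non-printing character found in SQL string literal";
-""))
-(String.toString s) ^ "'"
+| #"\000" => ""
+| ch => str ch)
+s ^ "'"
 
 fun p_cast (s, _) = s
 
 fun p_blank _ = "?"
 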
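Review bot: The statement text is still spliced into the format string that the generated C passes to uw_error (new lines 655-657 and 743-745, and the uhoh call at 244-245), and String.toCString does not escape `%`. Assuming these calls are printf-style, as the trailing `%s` suggests, a statement containing `%` (for example in a LIKE pattern) would be read as a conversion and would consume or misread the sqlite3_errmsg argument. Emitting a fixed format and passing the statement as data avoids this, e.g. generated C of the form `uw_error(ctx, FATAL, "Error preparing statement: %s<br />%s", "<query>", sqlite3_errmsg(conn->conn));`. Separately, sqlifyString now drops `#"\000"` silently where the old code reported an error, so a literal containing NUL changes value without a diagnostic; keeping the `ErrorMsg.error` call for that one case would preserve the warning.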