Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| SHA1 Hash: | 3e1dd97f77481a92408e5ef0f27337ea5167793e |
|---|---|
| Date: | 2012-07-06 16:18:48 |
| User: | stephan |
| Comment: | /json/query now fails without executing the query if the provided query has no result _columns_ (to explicitly disallow INSERT/DELETE/DROP, etc.). |
Tags And Properties
- branch=trunk inherited from [bf1c21ba16]
- sym-trunk inherited from [bf1c21ba16]
Changes
Changes to src/json_query.c
63 "'sql' (-s) argument is missing."); 63 "'sql' (-s) argument is missing."); 64 return NULL; 64 return NULL; 65 } 65 } 66 66 67 zFmt = json_find_option_cstr2("format",NULL,"f",3); 67 zFmt = json_find_option_cstr2("format",NULL,"f",3); 68 if(!zFmt) zFmt = "o"; 68 if(!zFmt) zFmt = "o"; 69 db_prepare(&q,"%s", zSql); 69 db_prepare(&q,"%s", zSql); > 70 if( 0 == sqlite3_column_count( q.pStmt ) ){ > 71 json_set_err(FSL_JSON_E_USAGE, > 72 "Input query has no result columns. " > 73 "Only SELECT-like queries are supported."); > 74 db_finalize(&q); > 75 return NULL; > 76 } 70 switch(*zFmt){ 77 switch(*zFmt){ 71 case 'a': 78 case 'a': 72 check = cson_sqlite3_stmt_to_json(q.pStmt, &payV, 0); 79 check = cson_sqlite3_stmt_to_json(q.pStmt, &payV, 0); 73 break; 80 break; 74 case 'o': 81 case 'o': 75 default: 82 default: 76 check = cson_sqlite3_stmt_to_json(q.pStmt, &payV, 1); 83 check = cson_sqlite3_stmt_to_json(q.pStmt, &payV, 1);