pike.git/lib/modules/Sql.pmod/pgsql.pike:54:
private int port; private mapping(string:string) sessiondefaults=([]); // runtime parameters Thread.Mutex _querymutex; Thread.Mutex _stealmutex; protected string _sprintf(int type, void|mapping flags) { string res=UNDEFINED; switch(type) { case 'O': res=sprintf(DRIVERNAME"://%s@%s:%d/%s pid:%d %s reconnected:%d\n"
-
"mstate: %O qstate: %O pstmtcount: %d pportalcount: %
d\n"
-
"Last query
: %
O\n
"
-
"Last message: %
s\n
"
-
"Last error: %O\n"
-
"portal %d %O\n%O\n"
,
+
"mstate: %O qstate: %O pstmtcount: %d pportalcount: %
d
prepcache
: %
d\n
"
+
"Last message: %
s
",
user,host,port,database,backendpid,status_commit(),reconnected,
-
_mstate,qstate,pstmtcount,pportalcount,
-
_c.portal&&_c.portal->query||""
,
-
lastmessage||""
,
-
msgresponse,
-
!!_c.portal,runtimeparameter,prepareds
);
+
_mstate,qstate,pstmtcount,pportalcount,
sizeof(prepareds)
,
+
lastmessage||"");
break; } return res; } #define BOOLOID 16 #define BYTEAOID 17 #define CHAROID 18 #define INT8OID 20 #define INT2OID 21
pike.git/lib/modules/Sql.pmod/pgsql.pike:124:
//! You need to have a database selected before using the sql-object, //! otherwise you'll get exceptions when you try to query it. Also //! notice that this function @b{can@} raise exceptions if the db //! server doesn't respond, if the database doesn't exist or is not //! accessible by you. //! //! @seealso //! @[Postgres.postgres], @[Sql.Sql], @[postgres->select_db] protected void create(void|string _host, void|string _database, void|string _user, void|string _pass, void|mapping(string:mixed) _options) {
-
pass = _pass; _pass = "CENSORED";
+
pass = _pass; _pass = "CENSORED";
String.secure(pass);
user = _user; database = _database; host = _host || PGSQL_DEFAULT_HOST; options = _options || ([]); if(search(host,":")>=0 && sscanf(_host,"%s:%d",host,port)!=2) ERROR("Error in parsing the hostname argument\n"); if(!port) port = PGSQL_DEFAULT_PORT; _querymutex=Thread.Mutex(); _stealmutex=Thread.Mutex(); reconnect(); }
pike.git/lib/modules/Sql.pmod/pgsql.pike:586:
case 'G':PD("CopyInResponse\n"); getcols(); _mstate=copyinresponse; break; case 'c':PD("CopyDone\n"); msglen-=4; break; case 'E':PD("ErrorResponse\n"); getresponse(); switch(msgresponse->C) {
+
#define USERERROR(msg) throw(({msg, backtrace()[..<1]}))
case "P0001": lastmessage=sprintf("%s: %s",msgresponse->S,msgresponse->M);
-
ERROR
(lastmessage
+
USERERROR
(lastmessage
+"\n"+pinpointerror(_c.portal->query,msgresponse->P)); break; default: lastmessage=sprintf("%s %s:%s %s\n (%s:%s:%s)\n%s%s%s%s\n%s", msgresponse->S,msgresponse->C,msgresponse->P||"",msgresponse->M, msgresponse->F||"",msgresponse->R||"",msgresponse->L||"", addnlifpresent(msgresponse->D),addnlifpresent(msgresponse->H), pinpointerror(_c.portal&&_c.portal->query,msgresponse->P), pinpointerror(msgresponse->q,msgresponse->p), addnlifpresent(msgresponse->W)); switch(msgresponse->S) { case "PANIC":werror(lastmessage); }
-
ERROR
(lastmessage);
+
USERERROR
(lastmessage);
} break; case 'N':PD("NoticeResponse\n"); getresponse(); lastmessage=sprintf("%s %s: %s", msgresponse->S,msgresponse->C,msgresponse->M); break; case 'A':PD("NotificationResponse\n"); { msglen-=4+4; int pid=_c.getint32();
pike.git/lib/modules/Sql.pmod/pgsql.pike:1083:
//! It returns a pgsql_result object (which conforms to the //! @[Sql.sql_result] standard interface for accessing data). I //! recommend using @[query()] for simpler queries (because it is //! easier to handle, but stores all the result in memory), and //! @[big_query()] for queries you expect to return huge amounts of //! data (it's harder to handle, but fetches results on demand). //! //! @note //! This function @b{can@} raise exceptions. //!
+
//! @note
+
//! This function does not support multiple queries in one querystring.
+
//! I.e. it allows for but does not require a trailing semicolon, but it
+
//! simply ignores any commands after the first semicolon. This can be
+
//! viewed as a limited protection against SQL-injection attacks.
+
//!
//! @seealso //! @[Sql.Sql], @[Sql.sql_result] object big_query(string q,void|mapping(string|int:mixed) bindings) { string preparedname=""; string portalname=""; if(stringp(q) && String.width(q)>8) q=string_to_utf8(q); array(string|int) paramValues; if(bindings) { int pi=0,rep=0;
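Review bot: In the `create()` hunk at pgsql.pike:124, the added `String.secure(pass);` runs unconditionally although `_pass` is declared `void|string`. A connection made without a password would therefore hand a non-string to `String.secure()`, which presumably raises a bad-argument error before `reconnect()` is reached. Guarding the call keeps password-less setups working: `if(pass) String.secure(pass);`. A short comment such as `// Have the password wiped from memory when this string is freed.` would record why the call is there. Only this one string object is marked, so any copies or derived strings built from `pass` elsewhere (not visible in this hunk) would not be covered.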