| 
									
										
										
										
											2006-04-21 10:40:58 +00:00
										 |  |  | /* statement.c - the statement type
 | 
					
						
							|  |  |  |  * | 
					
						
							| 
									
										
										
										
											2010-09-03 23:47:32 +00:00
										 |  |  |  * Copyright (C) 2005-2010 Gerhard Häring <gh@ghaering.de> | 
					
						
							| 
									
										
										
										
											2006-04-21 10:40:58 +00:00
										 |  |  |  * | 
					
						
							|  |  |  |  * This file is part of pysqlite. | 
					
						
							|  |  |  |  * | 
					
						
							|  |  |  |  * This software is provided 'as-is', without any express or implied | 
					
						
							|  |  |  |  * warranty.  In no event will the authors be held liable for any damages | 
					
						
							|  |  |  |  * arising from the use of this software. | 
					
						
							|  |  |  |  * | 
					
						
							|  |  |  |  * Permission is granted to anyone to use this software for any purpose, | 
					
						
							|  |  |  |  * including commercial applications, and to alter it and redistribute it | 
					
						
							|  |  |  |  * freely, subject to the following restrictions: | 
					
						
							|  |  |  |  * | 
					
						
							|  |  |  |  * 1. The origin of this software must not be misrepresented; you must not | 
					
						
							|  |  |  |  *    claim that you wrote the original software. If you use this software | 
					
						
							|  |  |  |  *    in a product, an acknowledgment in the product documentation would be | 
					
						
							|  |  |  |  *    appreciated but is not required. | 
					
						
							|  |  |  |  * 2. Altered source versions must be plainly marked as such, and must not be | 
					
						
							|  |  |  |  *    misrepresented as being the original software. | 
					
						
							|  |  |  |  * 3. This notice may not be removed or altered from any source distribution. | 
					
						
							|  |  |  |  */ | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | #include "connection.h"
 | 
					
						
							| 
									
										
										
										
											2022-05-03 14:00:39 -06:00
										 |  |  | #include "statement.h"
 | 
					
						
							| 
									
										
										
										
											2013-02-07 17:01:47 +02:00
										 |  |  | #include "util.h"
 | 
					
						
							| 
									
										
										
										
											2006-04-21 10:40:58 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2025-01-31 14:33:30 +01:00
										 |  |  | #define _pysqlite_Statement_CAST(op)    ((pysqlite_Statement *)(op))
 | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2006-04-21 10:40:58 +00:00
										 |  |  | /* prototypes */ | 
					
						
							| 
									
										
										
										
											2022-06-14 13:56:36 +02:00
										 |  |  | static const char *lstrip_sql(const char *sql); | 
					
						
							| 
									
										
										
										
											2006-04-21 10:40:58 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-06-01 12:47:37 +02:00
										 |  |  | pysqlite_Statement * | 
					
						
							|  |  |  | pysqlite_statement_create(pysqlite_Connection *connection, PyObject *sql) | 
					
						
							| 
									
										
										
										
											2006-04-21 10:40:58 +00:00
										 |  |  | { | 
					
						
							| 
									
										
										
										
											2021-07-29 11:21:45 +02:00
										 |  |  |     pysqlite_state *state = connection->state; | 
					
						
							| 
									
										
										
										
											2019-06-26 03:16:24 +02:00
										 |  |  |     assert(PyUnicode_Check(sql)); | 
					
						
							| 
									
										
										
										
											2021-06-08 17:00:56 +02:00
										 |  |  |     Py_ssize_t size; | 
					
						
							|  |  |  |     const char *sql_cstr = PyUnicode_AsUTF8AndSize(sql, &size); | 
					
						
							| 
									
										
										
										
											2007-08-29 03:34:29 +00:00
										 |  |  |     if (sql_cstr == NULL) { | 
					
						
							| 
									
										
										
										
											2021-06-01 12:47:37 +02:00
										 |  |  |         return NULL; | 
					
						
							| 
									
										
										
										
											2006-04-21 10:40:58 +00:00
										 |  |  |     } | 
					
						
							| 
									
										
										
										
											2021-06-02 14:26:06 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-06-08 17:00:56 +02:00
										 |  |  |     sqlite3 *db = connection->db; | 
					
						
							| 
									
										
										
										
											2021-11-10 19:46:11 +01:00
										 |  |  |     int max_length = sqlite3_limit(db, SQLITE_LIMIT_SQL_LENGTH, -1); | 
					
						
							|  |  |  |     if (size > max_length) { | 
					
						
							| 
									
										
										
										
											2021-07-14 13:26:44 +02:00
										 |  |  |         PyErr_SetString(connection->DataError, | 
					
						
							|  |  |  |                         "query string is too large"); | 
					
						
							| 
									
										
										
										
											2021-06-02 15:22:15 +02:00
										 |  |  |         return NULL; | 
					
						
							| 
									
										
										
										
											2021-06-02 14:26:06 +02:00
										 |  |  |     } | 
					
						
							| 
									
										
										
										
											2021-06-08 17:00:56 +02:00
										 |  |  |     if (strlen(sql_cstr) != (size_t)size) { | 
					
						
							| 
									
										
										
										
											2022-03-17 06:58:25 +01:00
										 |  |  |         PyErr_SetString(connection->ProgrammingError, | 
					
						
							| 
									
										
										
										
											2021-06-01 12:47:37 +02:00
										 |  |  |                         "the query contains a null character"); | 
					
						
							|  |  |  |         return NULL; | 
					
						
							| 
									
										
										
										
											2014-09-11 13:29:05 +03:00
										 |  |  |     } | 
					
						
							| 
									
										
										
										
											2006-04-21 10:40:58 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-06-08 17:00:56 +02:00
										 |  |  |     sqlite3_stmt *stmt; | 
					
						
							|  |  |  |     const char *tail; | 
					
						
							|  |  |  |     int rc; | 
					
						
							|  |  |  |     Py_BEGIN_ALLOW_THREADS | 
					
						
							|  |  |  |     rc = sqlite3_prepare_v2(db, sql_cstr, (int)size + 1, &stmt, &tail); | 
					
						
							|  |  |  |     Py_END_ALLOW_THREADS | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     if (rc != SQLITE_OK) { | 
					
						
							| 
									
										
										
										
											2025-02-11 08:49:25 +01:00
										 |  |  |         set_error_from_db(state, db); | 
					
						
							| 
									
										
										
										
											2021-06-01 12:47:37 +02:00
										 |  |  |         return NULL; | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-06-14 13:56:36 +02:00
										 |  |  |     if (lstrip_sql(tail) != NULL) { | 
					
						
							| 
									
										
										
										
											2022-03-17 06:58:25 +01:00
										 |  |  |         PyErr_SetString(connection->ProgrammingError, | 
					
						
							| 
									
										
										
										
											2021-07-14 13:26:44 +02:00
										 |  |  |                         "You can only execute one statement at a time."); | 
					
						
							| 
									
										
										
										
											2021-06-08 17:00:56 +02:00
										 |  |  |         goto error; | 
					
						
							|  |  |  |     } | 
					
						
							| 
									
										
										
										
											2006-04-21 10:40:58 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-02-26 18:22:38 +03:00
										 |  |  |     /* Determine if the statement is a DML statement.
 | 
					
						
							|  |  |  |        SELECT is the only exception. See #9924. */ | 
					
						
							| 
									
										
										
										
											2021-06-08 17:00:56 +02:00
										 |  |  |     int is_dml = 0; | 
					
						
							| 
									
										
										
										
											2022-06-14 13:56:36 +02:00
										 |  |  |     const char *p = lstrip_sql(sql_cstr); | 
					
						
							|  |  |  |     if (p != NULL) { | 
					
						
							| 
									
										
										
										
											2021-06-08 17:00:56 +02:00
										 |  |  |         is_dml = (PyOS_strnicmp(p, "insert", 6) == 0) | 
					
						
							|  |  |  |                   || (PyOS_strnicmp(p, "update", 6) == 0) | 
					
						
							|  |  |  |                   || (PyOS_strnicmp(p, "delete", 6) == 0) | 
					
						
							|  |  |  |                   || (PyOS_strnicmp(p, "replace", 7) == 0); | 
					
						
							| 
									
										
										
										
											2016-09-11 12:57:15 +03:00
										 |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-06-08 17:00:56 +02:00
										 |  |  |     pysqlite_Statement *self = PyObject_GC_New(pysqlite_Statement, | 
					
						
							| 
									
										
										
										
											2021-06-15 14:47:34 +02:00
										 |  |  |                                                state->StatementType); | 
					
						
							| 
									
										
										
										
											2021-06-08 17:00:56 +02:00
										 |  |  |     if (self == NULL) { | 
					
						
							| 
									
										
										
										
											2021-06-01 12:47:37 +02:00
										 |  |  |         goto error; | 
					
						
							|  |  |  |     } | 
					
						
							| 
									
										
										
										
											2006-04-21 10:40:58 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-06-08 17:00:56 +02:00
										 |  |  |     self->st = stmt; | 
					
						
							|  |  |  |     self->is_dml = is_dml; | 
					
						
							| 
									
										
										
										
											2006-04-21 10:40:58 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-06-08 17:00:56 +02:00
										 |  |  |     PyObject_GC_Track(self); | 
					
						
							| 
									
										
										
										
											2021-06-01 12:47:37 +02:00
										 |  |  |     return self; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | error: | 
					
						
							| 
									
										
										
										
											2021-06-08 17:00:56 +02:00
										 |  |  |     (void)sqlite3_finalize(stmt); | 
					
						
							| 
									
										
										
										
											2021-06-01 12:47:37 +02:00
										 |  |  |     return NULL; | 
					
						
							| 
									
										
										
										
											2006-04-21 10:40:58 +00:00
										 |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-02-21 01:29:19 +01:00
										 |  |  | static void | 
					
						
							| 
									
										
										
										
											2025-01-31 14:33:30 +01:00
										 |  |  | stmt_dealloc(PyObject *op) | 
					
						
							| 
									
										
										
										
											2006-04-21 10:40:58 +00:00
										 |  |  | { | 
					
						
							| 
									
										
										
										
											2025-01-31 14:33:30 +01:00
										 |  |  |     pysqlite_Statement *self = _pysqlite_Statement_CAST(op); | 
					
						
							| 
									
										
										
										
											2020-10-01 15:24:31 +02:00
										 |  |  |     PyTypeObject *tp = Py_TYPE(self); | 
					
						
							| 
									
										
										
										
											2025-01-31 14:33:30 +01:00
										 |  |  |     PyObject_GC_UnTrack(op); | 
					
						
							| 
									
										
										
										
											2021-06-05 03:50:39 +01:00
										 |  |  |     if (self->st) { | 
					
						
							| 
									
										
										
										
											2021-06-05 23:41:11 +01:00
										 |  |  |         Py_BEGIN_ALLOW_THREADS | 
					
						
							| 
									
										
										
										
											2021-06-05 03:50:39 +01:00
										 |  |  |         sqlite3_finalize(self->st); | 
					
						
							| 
									
										
										
										
											2021-06-05 23:41:11 +01:00
										 |  |  |         Py_END_ALLOW_THREADS | 
					
						
							| 
									
										
										
										
											2021-06-05 03:50:39 +01:00
										 |  |  |         self->st = 0; | 
					
						
							|  |  |  |     } | 
					
						
							| 
									
										
										
										
											2021-05-25 19:43:56 +02:00
										 |  |  |     tp->tp_free(self); | 
					
						
							|  |  |  |     Py_DECREF(tp); | 
					
						
							|  |  |  | } | 
					
						
							| 
									
										
										
										
											2020-10-01 15:24:31 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-05-25 19:43:56 +02:00
										 |  |  | static int | 
					
						
							| 
									
										
										
										
											2025-01-31 14:33:30 +01:00
										 |  |  | stmt_traverse(PyObject *self, visitproc visit, void *arg) | 
					
						
							| 
									
										
										
										
											2021-05-25 19:43:56 +02:00
										 |  |  | { | 
					
						
							|  |  |  |     Py_VISIT(Py_TYPE(self)); | 
					
						
							|  |  |  |     return 0; | 
					
						
							| 
									
										
										
										
											2006-04-21 10:40:58 +00:00
										 |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /*
 | 
					
						
							| 
									
										
										
										
											2022-06-14 13:56:36 +02:00
										 |  |  |  * Strip leading whitespace and comments from incoming SQL (null terminated C | 
					
						
							|  |  |  |  * string) and return a pointer to the first non-whitespace, non-comment | 
					
						
							|  |  |  |  * character. | 
					
						
							| 
									
										
										
										
											2006-04-21 10:40:58 +00:00
										 |  |  |  * | 
					
						
							| 
									
										
										
										
											2022-06-14 13:56:36 +02:00
										 |  |  |  * This is used to check if somebody tries to execute more than one SQL query | 
					
						
							|  |  |  |  * with one execute()/executemany() command, which the DB-API don't allow. | 
					
						
							|  |  |  |  * | 
					
						
							|  |  |  |  * It is also used to harden DML query detection. | 
					
						
							| 
									
										
										
										
											2006-04-21 10:40:58 +00:00
										 |  |  |  */ | 
					
						
							| 
									
										
										
										
											2022-06-14 13:56:36 +02:00
										 |  |  | static inline const char * | 
					
						
							|  |  |  | lstrip_sql(const char *sql) | 
					
						
							| 
									
										
										
										
											2006-04-21 10:40:58 +00:00
										 |  |  | { | 
					
						
							| 
									
										
										
										
											2022-06-14 13:56:36 +02:00
										 |  |  |     // This loop is borrowed from the SQLite source code.
 | 
					
						
							|  |  |  |     for (const char *pos = sql; *pos; pos++) { | 
					
						
							| 
									
										
										
										
											2006-04-21 10:40:58 +00:00
										 |  |  |         switch (*pos) { | 
					
						
							|  |  |  |             case ' ': | 
					
						
							|  |  |  |             case '\t': | 
					
						
							| 
									
										
										
										
											2022-06-14 13:56:36 +02:00
										 |  |  |             case '\f': | 
					
						
							| 
									
										
										
										
											2006-04-21 10:40:58 +00:00
										 |  |  |             case '\n': | 
					
						
							| 
									
										
										
										
											2022-06-14 13:56:36 +02:00
										 |  |  |             case '\r': | 
					
						
							|  |  |  |                 // Skip whitespace.
 | 
					
						
							| 
									
										
										
										
											2006-04-21 10:40:58 +00:00
										 |  |  |                 break; | 
					
						
							| 
									
										
										
										
											2022-06-14 13:56:36 +02:00
										 |  |  |             case '-': | 
					
						
							|  |  |  |                 // Skip line comments.
 | 
					
						
							|  |  |  |                 if (pos[1] == '-') { | 
					
						
							|  |  |  |                     pos += 2; | 
					
						
							|  |  |  |                     while (pos[0] && pos[0] != '\n') { | 
					
						
							|  |  |  |                         pos++; | 
					
						
							|  |  |  |                     } | 
					
						
							|  |  |  |                     if (pos[0] == '\0') { | 
					
						
							|  |  |  |                         return NULL; | 
					
						
							|  |  |  |                     } | 
					
						
							|  |  |  |                     continue; | 
					
						
							| 
									
										
										
										
											2006-04-21 10:40:58 +00:00
										 |  |  |                 } | 
					
						
							| 
									
										
										
										
											2022-06-14 13:56:36 +02:00
										 |  |  |                 return pos; | 
					
						
							|  |  |  |             case '/': | 
					
						
							|  |  |  |                 // Skip C style comments.
 | 
					
						
							|  |  |  |                 if (pos[1] == '*') { | 
					
						
							|  |  |  |                     pos += 2; | 
					
						
							|  |  |  |                     while (pos[0] && (pos[0] != '*' || pos[1] != '/')) { | 
					
						
							|  |  |  |                         pos++; | 
					
						
							|  |  |  |                     } | 
					
						
							|  |  |  |                     if (pos[0] == '\0') { | 
					
						
							|  |  |  |                         return NULL; | 
					
						
							|  |  |  |                     } | 
					
						
							|  |  |  |                     pos++; | 
					
						
							|  |  |  |                     continue; | 
					
						
							| 
									
										
										
										
											2006-04-21 10:40:58 +00:00
										 |  |  |                 } | 
					
						
							| 
									
										
										
										
											2022-06-14 13:56:36 +02:00
										 |  |  |                 return pos; | 
					
						
							| 
									
										
										
										
											2006-04-21 10:40:58 +00:00
										 |  |  |             default: | 
					
						
							| 
									
										
										
										
											2022-06-14 13:56:36 +02:00
										 |  |  |                 return pos; | 
					
						
							| 
									
										
										
										
											2006-04-21 10:40:58 +00:00
										 |  |  |         } | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-06-14 13:56:36 +02:00
										 |  |  |     return NULL; | 
					
						
							| 
									
										
										
										
											2006-04-21 10:40:58 +00:00
										 |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-10-01 15:24:31 +02:00
										 |  |  | static PyType_Slot stmt_slots[] = { | 
					
						
							| 
									
										
										
										
											2021-05-25 19:43:56 +02:00
										 |  |  |     {Py_tp_dealloc, stmt_dealloc}, | 
					
						
							|  |  |  |     {Py_tp_traverse, stmt_traverse}, | 
					
						
							| 
									
										
										
										
											2020-10-01 15:24:31 +02:00
										 |  |  |     {0, NULL}, | 
					
						
							|  |  |  | }; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | static PyType_Spec stmt_spec = { | 
					
						
							|  |  |  |     .name = MODULE_NAME ".Statement", | 
					
						
							|  |  |  |     .basicsize = sizeof(pysqlite_Statement), | 
					
						
							| 
									
										
										
										
											2021-06-17 12:06:09 +02:00
										 |  |  |     .flags = (Py_TPFLAGS_DEFAULT | Py_TPFLAGS_HAVE_GC | | 
					
						
							| 
									
										
										
										
											2021-06-20 21:24:32 +02:00
										 |  |  |               Py_TPFLAGS_IMMUTABLETYPE | Py_TPFLAGS_DISALLOW_INSTANTIATION), | 
					
						
							| 
									
										
										
										
											2020-10-01 15:24:31 +02:00
										 |  |  |     .slots = stmt_slots, | 
					
						
							| 
									
										
										
										
											2006-04-21 10:40:58 +00:00
										 |  |  | }; | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-02-21 11:07:49 +01:00
										 |  |  | int | 
					
						
							|  |  |  | pysqlite_statement_setup_types(PyObject *module) | 
					
						
							| 
									
										
										
										
											2006-04-21 10:40:58 +00:00
										 |  |  | { | 
					
						
							| 
									
										
										
										
											2021-06-15 14:47:34 +02:00
										 |  |  |     PyObject *type = PyType_FromModuleAndSpec(module, &stmt_spec, NULL); | 
					
						
							|  |  |  |     if (type == NULL) { | 
					
						
							| 
									
										
										
										
											2020-10-01 15:24:31 +02:00
										 |  |  |         return -1; | 
					
						
							|  |  |  |     } | 
					
						
							| 
									
										
										
										
											2021-06-15 14:47:34 +02:00
										 |  |  |     pysqlite_state *state = pysqlite_get_state(module); | 
					
						
							|  |  |  |     state->StatementType = (PyTypeObject *)type; | 
					
						
							| 
									
										
										
										
											2020-10-01 15:24:31 +02:00
										 |  |  |     return 0; | 
					
						
							| 
									
										
										
										
											2006-04-21 10:40:58 +00:00
										 |  |  | } |