080a160c7b9595d516c9c70e83689a09b60839d0 galt Mon Jun 3 12:16:53 2013 -0700 fix SQL Injection
diff --git src/hg/inc/gv.h src/hg/inc/gv.h
index c6c29fa..50ff0cf 100644
--- src/hg/inc/gv.h
+++ src/hg/inc/gv.h
@@ -43,42 +43,31 @@ /* Load all gv from tab separated file. * Dispose of this with gvFreeList(). */ struct gv *gvLoadByQuery(struct sqlConnection *conn, char *query); /* Load all gv from table that satisfy the query given. * Where query is of the form 'select * from example where something=something' * or 'select example.* from example, anotherTable where example.something = * anotherTable.something'. * Dispose of this with gvFreeList(). */ void gvSaveToDb(struct sqlConnection *conn, struct gv *el, char *tableName, int updateSize); /* Save gv as a row to the table specified by tableName. * As blob fields may be arbitrary size updateSize specifies the approx size * of a string that would contain the entire query. Arrays of native types are * converted to comma separated strings and loaded as such, User defined types are - * inserted as NULL. Note that strings must be escaped to allow insertion into the database. - * For example "autosql's features include" --> "autosql\'s features include" - * If worried about this use gvSaveToDbEscaped() */ - -void gvSaveToDbEscaped(struct sqlConnection *conn, struct gv *el, char *tableName, int updateSize); -/* Save gv as a row to the table specified by tableName. - * As blob fields may be arbitrary size updateSize specifies the approx size. - * of a string that would contain the entire query. Automatically - * escapes all simple strings (not arrays of string) but may be slower than gvSaveToDb(). - * For example automatically copies and converts: - * "autosql's features include" --> "autosql\'s features include" - * before inserting into database. */ + * inserted as NULL. Strings are automatically escaped to allow insertion into the database. */ struct gv *gvCommaIn(char **pS, struct gv *ret); /* Create a gv out of a comma separated string. * This will fill in ret if non-null, otherwise will * return a new gv */ void gvFree(struct gv **pEl); /* Free a single dynamically allocated gv such as created * with gvLoad(). 
*/ void gvFreeList(struct gv **pList); /* Free a list of dynamically allocated gv's */ void gvOutput(struct gv *el, FILE *f, char sep, char lastSep); /* Print out gv. Separate fields with sep. Follow last field with lastSep. */ 
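Review bot: The replacement comment on gvSaveToDb (the `+ * inserted as NULL. Strings are automatically escaped to allow insertion into the database. */` line) is less precise than the text it replaces: the removed gvSaveToDbEscaped comment limited escaping to simple strings, "not arrays of string", and the new line drops that qualifier without saying whether string array elements are escaped too. Because this header is the only contract a caller sees, the comment should state exactly which fields are escaped, e.g. `* inserted as NULL. All string fields, including string array elements, are escaped before insertion.` if that is what the gv.c implementation now does, or keep the original "(not arrays of string)" qualifier if it does not. Whether array elements are escaped cannot be confirmed from this header-only diff and should be checked against the matching gv.c change. The same wording change is made in the gvPos, gvSrc, gvAttr, gvLink and gvAttrLong hunks below and carries the same gap.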
@@ -125,42 +114,31 @@ /* Load all gvPos from tab separated file. * Dispose of this with gvPosFreeList(). */ struct gvPos *gvPosLoadByQuery(struct sqlConnection *conn, char *query); /* Load all gvPos from table that satisfy the query given. * Where query is of the form 'select * from example where something=something' * or 'select example.* from example, anotherTable where example.something = * anotherTable.something'. * Dispose of this with gvPosFreeList(). */ void gvPosSaveToDb(struct sqlConnection *conn, struct gvPos *el, char *tableName, int updateSize); /* Save gvPos as a row to the table specified by tableName. * As blob fields may be arbitrary size updateSize specifies the approx size * of a string that would contain the entire query. Arrays of native types are * converted to comma separated strings and loaded as such, User defined types are - * inserted as NULL. Note that strings must be escaped to allow insertion into the database. - * For example "autosql's features include" --> "autosql\'s features include" - * If worried about this use gvPosSaveToDbEscaped() */ - -void gvPosSaveToDbEscaped(struct sqlConnection *conn, struct gvPos *el, char *tableName, int updateSize); -/* Save gvPos as a row to the table specified by tableName. - * As blob fields may be arbitrary size updateSize specifies the approx size. - * of a string that would contain the entire query. Automatically - * escapes all simple strings (not arrays of string) but may be slower than gvPosSaveToDb(). - * For example automatically copies and converts: - * "autosql's features include" --> "autosql\'s features include" - * before inserting into database. */ + * inserted as NULL. Strings are automatically escaped to allow insertion into the database. */ struct gvPos *gvPosCommaIn(char **pS, struct gvPos *ret); /* Create a gvPos out of a comma separated string. 
* This will fill in ret if non-null, otherwise will * return a new gvPos */ void gvPosFree(struct gvPos **pEl); /* Free a single dynamically allocated gvPos such as created * with gvPosLoad(). */ void gvPosFreeList(struct gvPos **pList); /* Free a list of dynamically allocated gvPos's */ void gvPosOutput(struct gvPos *el, FILE *f, char sep, char lastSep); /* Print out gvPos. Separate fields with sep. Follow last field with lastSep. */ 
@@ -202,42 +180,31 @@ /* Load all gvSrc from tab separated file. * Dispose of this with gvSrcFreeList(). */ struct gvSrc *gvSrcLoadByQuery(struct sqlConnection *conn, char *query); /* Load all gvSrc from table that satisfy the query given. * Where query is of the form 'select * from example where something=something' * or 'select example.* from example, anotherTable where example.something = * anotherTable.something'. * Dispose of this with gvSrcFreeList(). */ void gvSrcSaveToDb(struct sqlConnection *conn, struct gvSrc *el, char *tableName, int updateSize); /* Save gvSrc as a row to the table specified by tableName. * As blob fields may be arbitrary size updateSize specifies the approx size * of a string that would contain the entire query. Arrays of native types are * converted to comma separated strings and loaded as such, User defined types are - * inserted as NULL. Note that strings must be escaped to allow insertion into the database. - * For example "autosql's features include" --> "autosql\'s features include" - * If worried about this use gvSrcSaveToDbEscaped() */ - -void gvSrcSaveToDbEscaped(struct sqlConnection *conn, struct gvSrc *el, char *tableName, int updateSize); -/* Save gvSrc as a row to the table specified by tableName. - * As blob fields may be arbitrary size updateSize specifies the approx size. - * of a string that would contain the entire query. Automatically - * escapes all simple strings (not arrays of string) but may be slower than gvSrcSaveToDb(). - * For example automatically copies and converts: - * "autosql's features include" --> "autosql\'s features include" - * before inserting into database. */ + * inserted as NULL. Strings are automatically escaped to allow insertion into the database. */ struct gvSrc *gvSrcCommaIn(char **pS, struct gvSrc *ret); /* Create a gvSrc out of a comma separated string. 
* This will fill in ret if non-null, otherwise will * return a new gvSrc */ void gvSrcFree(struct gvSrc **pEl); /* Free a single dynamically allocated gvSrc such as created * with gvSrcLoad(). */ void gvSrcFreeList(struct gvSrc **pList); /* Free a list of dynamically allocated gvSrc's */ void gvSrcOutput(struct gvSrc *el, FILE *f, char sep, char lastSep); /* Print out gvSrc. Separate fields with sep. Follow last field with lastSep. */ 
@@ -279,42 +246,31 @@ /* Load all gvAttr from tab separated file. * Dispose of this with gvAttrFreeList(). */ struct gvAttr *gvAttrLoadByQuery(struct sqlConnection *conn, char *query); /* Load all gvAttr from table that satisfy the query given. * Where query is of the form 'select * from example where something=something' * or 'select example.* from example, anotherTable where example.something = * anotherTable.something'. * Dispose of this with gvAttrFreeList(). */ void gvAttrSaveToDb(struct sqlConnection *conn, struct gvAttr *el, char *tableName, int updateSize); /* Save gvAttr as a row to the table specified by tableName. * As blob fields may be arbitrary size updateSize specifies the approx size * of a string that would contain the entire query. Arrays of native types are * converted to comma separated strings and loaded as such, User defined types are - * inserted as NULL. Note that strings must be escaped to allow insertion into the database. - * For example "autosql's features include" --> "autosql\'s features include" - * If worried about this use gvAttrSaveToDbEscaped() */ - -void gvAttrSaveToDbEscaped(struct sqlConnection *conn, struct gvAttr *el, char *tableName, int updateSize); -/* Save gvAttr as a row to the table specified by tableName. - * As blob fields may be arbitrary size updateSize specifies the approx size. - * of a string that would contain the entire query. Automatically - * escapes all simple strings (not arrays of string) but may be slower than gvAttrSaveToDb(). - * For example automatically copies and converts: - * "autosql's features include" --> "autosql\'s features include" - * before inserting into database. */ + * inserted as NULL. Strings are automatically escaped to allow insertion into the database. */ struct gvAttr *gvAttrCommaIn(char **pS, struct gvAttr *ret); /* Create a gvAttr out of a comma separated string. 
* This will fill in ret if non-null, otherwise will * return a new gvAttr */ void gvAttrFree(struct gvAttr **pEl); /* Free a single dynamically allocated gvAttr such as created * with gvAttrLoad(). */ void gvAttrFreeList(struct gvAttr **pList); /* Free a list of dynamically allocated gvAttr's */ void gvAttrOutput(struct gvAttr *el, FILE *f, char sep, char lastSep); /* Print out gvAttr. Separate fields with sep. Follow last field with lastSep. */ 
@@ -358,42 +314,31 @@ /* Load all gvLink from tab separated file. * Dispose of this with gvLinkFreeList(). */ struct gvLink *gvLinkLoadByQuery(struct sqlConnection *conn, char *query); /* Load all gvLink from table that satisfy the query given. * Where query is of the form 'select * from example where something=something' * or 'select example.* from example, anotherTable where example.something = * anotherTable.something'. * Dispose of this with gvLinkFreeList(). */ void gvLinkSaveToDb(struct sqlConnection *conn, struct gvLink *el, char *tableName, int updateSize); /* Save gvLink as a row to the table specified by tableName. * As blob fields may be arbitrary size updateSize specifies the approx size * of a string that would contain the entire query. Arrays of native types are * converted to comma separated strings and loaded as such, User defined types are - * inserted as NULL. Note that strings must be escaped to allow insertion into the database. - * For example "autosql's features include" --> "autosql\'s features include" - * If worried about this use gvLinkSaveToDbEscaped() */ - -void gvLinkSaveToDbEscaped(struct sqlConnection *conn, struct gvLink *el, char *tableName, int updateSize); -/* Save gvLink as a row to the table specified by tableName. - * As blob fields may be arbitrary size updateSize specifies the approx size. - * of a string that would contain the entire query. Automatically - * escapes all simple strings (not arrays of string) but may be slower than gvLinkSaveToDb(). - * For example automatically copies and converts: - * "autosql's features include" --> "autosql\'s features include" - * before inserting into database. */ + * inserted as NULL. Strings are automatically escaped to allow insertion into the database. */ struct gvLink *gvLinkCommaIn(char **pS, struct gvLink *ret); /* Create a gvLink out of a comma separated string. 
* This will fill in ret if non-null, otherwise will * return a new gvLink */ void gvLinkFree(struct gvLink **pEl); /* Free a single dynamically allocated gvLink such as created * with gvLinkLoad(). */ void gvLinkFreeList(struct gvLink **pList); /* Free a list of dynamically allocated gvLink's */ void gvLinkOutput(struct gvLink *el, FILE *f, char sep, char lastSep); /* Print out gvLink. Separate fields with sep. Follow last field with lastSep. */ 
@@ -435,42 +380,31 @@ /* Load all gvAttrLong from tab separated file. * Dispose of this with gvAttrLongFreeList(). */ struct gvAttrLong *gvAttrLongLoadByQuery(struct sqlConnection *conn, char *query); /* Load all gvAttrLong from table that satisfy the query given. * Where query is of the form 'select * from example where something=something' * or 'select example.* from example, anotherTable where example.something = * anotherTable.something'. * Dispose of this with gvAttrLongFreeList(). */ void gvAttrLongSaveToDb(struct sqlConnection *conn, struct gvAttrLong *el, char *tableName, int updateSize); /* Save gvAttrLong as a row to the table specified by tableName. * As blob fields may be arbitrary size updateSize specifies the approx size * of a string that would contain the entire query. Arrays of native types are * converted to comma separated strings and loaded as such, User defined types are - * inserted as NULL. Note that strings must be escaped to allow insertion into the database. - * For example "autosql's features include" --> "autosql\'s features include" - * If worried about this use gvAttrLongSaveToDbEscaped() */ - -void gvAttrLongSaveToDbEscaped(struct sqlConnection *conn, struct gvAttrLong *el, char *tableName, int updateSize); -/* Save gvAttrLong as a row to the table specified by tableName. - * As blob fields may be arbitrary size updateSize specifies the approx size. - * of a string that would contain the entire query. Automatically - * escapes all simple strings (not arrays of string) but may be slower than gvAttrLongSaveToDb(). - * For example automatically copies and converts: - * "autosql's features include" --> "autosql\'s features include" - * before inserting into database. */ + * inserted as NULL. Strings are automatically escaped to allow insertion into the database. */ struct gvAttrLong *gvAttrLongCommaIn(char **pS, struct gvAttrLong *ret); /* Create a gvAttrLong out of a comma separated string. 
* This will fill in ret if non-null, otherwise will * return a new gvAttrLong */ void gvAttrLongFree(struct gvAttrLong **pEl); /* Free a single dynamically allocated gvAttrLong such as created * with gvAttrLongLoad(). */ void gvAttrLongFreeList(struct gvAttrLong **pList); /* Free a list of dynamically allocated gvAttrLong's */ void gvAttrLongOutput(struct gvAttrLong *el, FILE *f, char sep, char lastSep); /* Print out gvAttrLong. Separate fields with sep. Follow last field with lastSep. */