080a160c7b9595d516c9c70e83689a09b60839d0 galt Mon Jun 3 12:16:53 2013 -0700 fix SQL Injection diff --git src/hg/inc/ispyTables.h src/hg/inc/ispyTables.h index 60020a8..f9cd45d 100644 --- src/hg/inc/ispyTables.h +++ src/hg/inc/ispyTables.h @@ -40,42 +40,31 @@ /* Load all patient from tab separated file. * Dispose of this with patientFreeList(). */ struct patient *patientLoadByQuery(struct sqlConnection *conn, char *query); /* Load all patient from table that satisfy the query given. * Where query is of the form 'select * from example where something=something' * or 'select example.* from example, anotherTable where example.something = * anotherTable.something'. * Dispose of this with patientFreeList(). */ void patientSaveToDb(struct sqlConnection *conn, struct patient *el, char *tableName, int updateSize); /* Save patient as a row to the table specified by tableName. * As blob fields may be arbitrary size updateSize specifies the approx size * of a string that would contain the entire query. Arrays of native types are * converted to comma separated strings and loaded as such, User defined types are - * inserted as NULL. Note that strings must be escaped to allow insertion into the database. - * For example "autosql's features include" --> "autosql\'s features include" - * If worried about this use patientSaveToDbEscaped() */ - -void patientSaveToDbEscaped(struct sqlConnection *conn, struct patient *el, char *tableName, int updateSize); -/* Save patient as a row to the table specified by tableName. - * As blob fields may be arbitrary size updateSize specifies the approx size. - * of a string that would contain the entire query. Automatically - * escapes all simple strings (not arrays of string) but may be slower than patientSaveToDb(). - * For example automatically copies and converts: - * "autosql's features include" --> "autosql\'s features include" - * before inserting into database. */ + * inserted as NULL. Strings are automatically escaped to allow insertion into the database. */ struct patient *patientCommaIn(char **pS, struct patient *ret); /* Create a patient out of a comma separated string. * This will fill in ret if non-null, otherwise will * return a new patient */ void patientFree(struct patient **pEl); /* Free a single dynamically allocated patient such as created * with patientLoad(). */ void patientFreeList(struct patient **pList); /* Free a list of dynamically allocated patient's */ void patientOutput(struct patient *el, FILE *f, char sep, char lastSep); /* Print out patient. Separate fields with sep. Follow last field with lastSep. */ @@ -122,42 +111,31 @@ /* Load all patientInfo from tab separated file. * Dispose of this with patientInfoFreeList(). */ struct patientInfo *patientInfoLoadByQuery(struct sqlConnection *conn, char *query); /* Load all patientInfo from table that satisfy the query given. * Where query is of the form 'select * from example where something=something' * or 'select example.* from example, anotherTable where example.something = * anotherTable.something'. * Dispose of this with patientInfoFreeList(). */ void patientInfoSaveToDb(struct sqlConnection *conn, struct patientInfo *el, char *tableName, int updateSize); /* Save patientInfo as a row to the table specified by tableName. * As blob fields may be arbitrary size updateSize specifies the approx size * of a string that would contain the entire query. Arrays of native types are * converted to comma separated strings and loaded as such, User defined types are - * inserted as NULL. Note that strings must be escaped to allow insertion into the database. - * For example "autosql's features include" --> "autosql\'s features include" - * If worried about this use patientInfoSaveToDbEscaped() */ - -void patientInfoSaveToDbEscaped(struct sqlConnection *conn, struct patientInfo *el, char *tableName, int updateSize); -/* Save patientInfo as a row to the table specified by tableName. - * As blob fields may be arbitrary size updateSize specifies the approx size. - * of a string that would contain the entire query. Automatically - * escapes all simple strings (not arrays of string) but may be slower than patientInfoSaveToDb(). - * For example automatically copies and converts: - * "autosql's features include" --> "autosql\'s features include" - * before inserting into database. */ + * inserted as NULL. Strings are automatically escaped to allow insertion into the database. */ struct patientInfo *patientInfoCommaIn(char **pS, struct patientInfo *ret); /* Create a patientInfo out of a comma separated string. * This will fill in ret if non-null, otherwise will * return a new patientInfo */ void patientInfoFree(struct patientInfo **pEl); /* Free a single dynamically allocated patientInfo such as created * with patientInfoLoad(). */ void patientInfoFreeList(struct patientInfo **pList); /* Free a list of dynamically allocated patientInfo's */ void patientInfoOutput(struct patientInfo *el, FILE *f, char sep, char lastSep); /* Print out patientInfo. Separate fields with sep. Follow last field with lastSep. */ @@ -203,42 +181,31 @@ /* Load all chemo from tab separated file. * Dispose of this with chemoFreeList(). */ struct chemo *chemoLoadByQuery(struct sqlConnection *conn, char *query); /* Load all chemo from table that satisfy the query given. * Where query is of the form 'select * from example where something=something' * or 'select example.* from example, anotherTable where example.something = * anotherTable.something'. * Dispose of this with chemoFreeList(). */ void chemoSaveToDb(struct sqlConnection *conn, struct chemo *el, char *tableName, int updateSize); /* Save chemo as a row to the table specified by tableName. * As blob fields may be arbitrary size updateSize specifies the approx size * of a string that would contain the entire query. Arrays of native types are * converted to comma separated strings and loaded as such, User defined types are - * inserted as NULL. Note that strings must be escaped to allow insertion into the database. - * For example "autosql's features include" --> "autosql\'s features include" - * If worried about this use chemoSaveToDbEscaped() */ - -void chemoSaveToDbEscaped(struct sqlConnection *conn, struct chemo *el, char *tableName, int updateSize); -/* Save chemo as a row to the table specified by tableName. - * As blob fields may be arbitrary size updateSize specifies the approx size. - * of a string that would contain the entire query. Automatically - * escapes all simple strings (not arrays of string) but may be slower than chemoSaveToDb(). - * For example automatically copies and converts: - * "autosql's features include" --> "autosql\'s features include" - * before inserting into database. */ + * inserted as NULL. Strings are automatically escaped to allow insertion into the database. */ struct chemo *chemoCommaIn(char **pS, struct chemo *ret); /* Create a chemo out of a comma separated string. * This will fill in ret if non-null, otherwise will * return a new chemo */ void chemoFree(struct chemo **pEl); /* Free a single dynamically allocated chemo such as created * with chemoLoad(). */ void chemoFreeList(struct chemo **pList); /* Free a list of dynamically allocated chemo's */ void chemoOutput(struct chemo *el, FILE *f, char sep, char lastSep); /* Print out chemo. Separate fields with sep. Follow last field with lastSep. */ @@ -290,42 +257,31 @@ /* Load all onStudy from tab separated file. * Dispose of this with onStudyFreeList(). */ struct onStudy *onStudyLoadByQuery(struct sqlConnection *conn, char *query); /* Load all onStudy from table that satisfy the query given. * Where query is of the form 'select * from example where something=something' * or 'select example.* from example, anotherTable where example.something = * anotherTable.something'. * Dispose of this with onStudyFreeList(). */ void onStudySaveToDb(struct sqlConnection *conn, struct onStudy *el, char *tableName, int updateSize); /* Save onStudy as a row to the table specified by tableName. * As blob fields may be arbitrary size updateSize specifies the approx size * of a string that would contain the entire query. Arrays of native types are * converted to comma separated strings and loaded as such, User defined types are - * inserted as NULL. Note that strings must be escaped to allow insertion into the database. - * For example "autosql's features include" --> "autosql\'s features include" - * If worried about this use onStudySaveToDbEscaped() */ - -void onStudySaveToDbEscaped(struct sqlConnection *conn, struct onStudy *el, char *tableName, int updateSize); -/* Save onStudy as a row to the table specified by tableName. - * As blob fields may be arbitrary size updateSize specifies the approx size. - * of a string that would contain the entire query. Automatically - * escapes all simple strings (not arrays of string) but may be slower than onStudySaveToDb(). - * For example automatically copies and converts: - * "autosql's features include" --> "autosql\'s features include" - * before inserting into database. */ + * inserted as NULL. Strings are automatically escaped to allow insertion into the database. */ struct onStudy *onStudyCommaIn(char **pS, struct onStudy *ret); /* Create a onStudy out of a comma separated string. * This will fill in ret if non-null, otherwise will * return a new onStudy */ void onStudyFree(struct onStudy **pEl); /* Free a single dynamically allocated onStudy such as created * with onStudyLoad(). */ void onStudyFreeList(struct onStudy **pList); /* Free a list of dynamically allocated onStudy's */ void onStudyOutput(struct onStudy *el, FILE *f, char sep, char lastSep); /* Print out onStudy. Separate fields with sep. Follow last field with lastSep. */ @@ -377,42 +333,31 @@ /* Load all postSurgery from tab separated file. * Dispose of this with postSurgeryFreeList(). */ struct postSurgery *postSurgeryLoadByQuery(struct sqlConnection *conn, char *query); /* Load all postSurgery from table that satisfy the query given. * Where query is of the form 'select * from example where something=something' * or 'select example.* from example, anotherTable where example.something = * anotherTable.something'. * Dispose of this with postSurgeryFreeList(). */ void postSurgerySaveToDb(struct sqlConnection *conn, struct postSurgery *el, char *tableName, int updateSize); /* Save postSurgery as a row to the table specified by tableName. * As blob fields may be arbitrary size updateSize specifies the approx size * of a string that would contain the entire query. Arrays of native types are * converted to comma separated strings and loaded as such, User defined types are - * inserted as NULL. Note that strings must be escaped to allow insertion into the database. - * For example "autosql's features include" --> "autosql\'s features include" - * If worried about this use postSurgerySaveToDbEscaped() */ - -void postSurgerySaveToDbEscaped(struct sqlConnection *conn, struct postSurgery *el, char *tableName, int updateSize); -/* Save postSurgery as a row to the table specified by tableName. - * As blob fields may be arbitrary size updateSize specifies the approx size. - * of a string that would contain the entire query. Automatically - * escapes all simple strings (not arrays of string) but may be slower than postSurgerySaveToDb(). - * For example automatically copies and converts: - * "autosql's features include" --> "autosql\'s features include" - * before inserting into database. */ + * inserted as NULL. Strings are automatically escaped to allow insertion into the database. */ struct postSurgery *postSurgeryCommaIn(char **pS, struct postSurgery *ret); /* Create a postSurgery out of a comma separated string. * This will fill in ret if non-null, otherwise will * return a new postSurgery */ void postSurgeryFree(struct postSurgery **pEl); /* Free a single dynamically allocated postSurgery such as created * with postSurgeryLoad(). */ void postSurgeryFreeList(struct postSurgery **pList); /* Free a list of dynamically allocated postSurgery's */ void postSurgeryOutput(struct postSurgery *el, FILE *f, char sep, char lastSep); /* Print out postSurgery. Separate fields with sep. Follow last field with lastSep. */ @@ -460,42 +405,31 @@ /* Load all followUp from tab separated file. * Dispose of this with followUpFreeList(). */ struct followUp *followUpLoadByQuery(struct sqlConnection *conn, char *query); /* Load all followUp from table that satisfy the query given. * Where query is of the form 'select * from example where something=something' * or 'select example.* from example, anotherTable where example.something = * anotherTable.something'. * Dispose of this with followUpFreeList(). */ void followUpSaveToDb(struct sqlConnection *conn, struct followUp *el, char *tableName, int updateSize); /* Save followUp as a row to the table specified by tableName. * As blob fields may be arbitrary size updateSize specifies the approx size * of a string that would contain the entire query. Arrays of native types are * converted to comma separated strings and loaded as such, User defined types are - * inserted as NULL. Note that strings must be escaped to allow insertion into the database. - * For example "autosql's features include" --> "autosql\'s features include" - * If worried about this use followUpSaveToDbEscaped() */ - -void followUpSaveToDbEscaped(struct sqlConnection *conn, struct followUp *el, char *tableName, int updateSize); -/* Save followUp as a row to the table specified by tableName. - * As blob fields may be arbitrary size updateSize specifies the approx size. - * of a string that would contain the entire query. Automatically - * escapes all simple strings (not arrays of string) but may be slower than followUpSaveToDb(). - * For example automatically copies and converts: - * "autosql's features include" --> "autosql\'s features include" - * before inserting into database. */ + * inserted as NULL. Strings are automatically escaped to allow insertion into the database. */ struct followUp *followUpCommaIn(char **pS, struct followUp *ret); /* Create a followUp out of a comma separated string. * This will fill in ret if non-null, otherwise will * return a new followUp */ void followUpFree(struct followUp **pEl); /* Free a single dynamically allocated followUp such as created * with followUpLoad(). */ void followUpFreeList(struct followUp **pList); /* Free a list of dynamically allocated followUp's */ void followUpOutput(struct followUp *el, FILE *f, char sep, char lastSep); /* Print out followUp. Separate fields with sep. Follow last field with lastSep. */ @@ -544,42 +478,31 @@ /* Load all respEval from tab separated file. * Dispose of this with respEvalFreeList(). */ struct respEval *respEvalLoadByQuery(struct sqlConnection *conn, char *query); /* Load all respEval from table that satisfy the query given. * Where query is of the form 'select * from example where something=something' * or 'select example.* from example, anotherTable where example.something = * anotherTable.something'. * Dispose of this with respEvalFreeList(). */ void respEvalSaveToDb(struct sqlConnection *conn, struct respEval *el, char *tableName, int updateSize); /* Save respEval as a row to the table specified by tableName. * As blob fields may be arbitrary size updateSize specifies the approx size * of a string that would contain the entire query. Arrays of native types are * converted to comma separated strings and loaded as such, User defined types are - * inserted as NULL. Note that strings must be escaped to allow insertion into the database. - * For example "autosql's features include" --> "autosql\'s features include" - * If worried about this use respEvalSaveToDbEscaped() */ - -void respEvalSaveToDbEscaped(struct sqlConnection *conn, struct respEval *el, char *tableName, int updateSize); -/* Save respEval as a row to the table specified by tableName. - * As blob fields may be arbitrary size updateSize specifies the approx size. - * of a string that would contain the entire query. Automatically - * escapes all simple strings (not arrays of string) but may be slower than respEvalSaveToDb(). - * For example automatically copies and converts: - * "autosql's features include" --> "autosql\'s features include" - * before inserting into database. */ + * inserted as NULL. Strings are automatically escaped to allow insertion into the database. */ struct respEval *respEvalCommaIn(char **pS, struct respEval *ret); /* Create a respEval out of a comma separated string. * This will fill in ret if non-null, otherwise will * return a new respEval */ void respEvalFree(struct respEval **pEl); /* Free a single dynamically allocated respEval such as created * with respEvalLoad(). */ void respEvalFreeList(struct respEval **pList); /* Free a list of dynamically allocated respEval's */ void respEvalOutput(struct respEval *el, FILE *f, char sep, char lastSep); /* Print out respEval. Separate fields with sep. Follow last field with lastSep. */ @@ -638,42 +561,31 @@ /* Load all mr from tab separated file. * Dispose of this with mrFreeList(). */ struct mr *mrLoadByQuery(struct sqlConnection *conn, char *query); /* Load all mr from table that satisfy the query given. * Where query is of the form 'select * from example where something=something' * or 'select example.* from example, anotherTable where example.something = * anotherTable.something'. * Dispose of this with mrFreeList(). */ void mrSaveToDb(struct sqlConnection *conn, struct mr *el, char *tableName, int updateSize); /* Save mr as a row to the table specified by tableName. * As blob fields may be arbitrary size updateSize specifies the approx size * of a string that would contain the entire query. Arrays of native types are * converted to comma separated strings and loaded as such, User defined types are - * inserted as NULL. Note that strings must be escaped to allow insertion into the database. - * For example "autosql's features include" --> "autosql\'s features include" - * If worried about this use mrSaveToDbEscaped() */ - -void mrSaveToDbEscaped(struct sqlConnection *conn, struct mr *el, char *tableName, int updateSize); -/* Save mr as a row to the table specified by tableName. - * As blob fields may be arbitrary size updateSize specifies the approx size. - * of a string that would contain the entire query. Automatically - * escapes all simple strings (not arrays of string) but may be slower than mrSaveToDb(). - * For example automatically copies and converts: - * "autosql's features include" --> "autosql\'s features include" - * before inserting into database. */ + * inserted as NULL. Strings are automatically escaped to allow insertion into the database. */ struct mr *mrCommaIn(char **pS, struct mr *ret); /* Create a mr out of a comma separated string. * This will fill in ret if non-null, otherwise will * return a new mr */ void mrFree(struct mr **pEl); /* Free a single dynamically allocated mr such as created * with mrLoad(). */ void mrFreeList(struct mr **pList); /* Free a list of dynamically allocated mr's */ void mrOutput(struct mr *el, FILE *f, char sep, char lastSep); /* Print out mr. Separate fields with sep. Follow last field with lastSep. */ @@ -717,42 +629,31 @@ /* Load all cdna from tab separated file. * Dispose of this with cdnaFreeList(). */ struct cdna *cdnaLoadByQuery(struct sqlConnection *conn, char *query); /* Load all cdna from table that satisfy the query given. * Where query is of the form 'select * from example where something=something' * or 'select example.* from example, anotherTable where example.something = * anotherTable.something'. * Dispose of this with cdnaFreeList(). */ void cdnaSaveToDb(struct sqlConnection *conn, struct cdna *el, char *tableName, int updateSize); /* Save cdna as a row to the table specified by tableName. * As blob fields may be arbitrary size updateSize specifies the approx size * of a string that would contain the entire query. Arrays of native types are * converted to comma separated strings and loaded as such, User defined types are - * inserted as NULL. Note that strings must be escaped to allow insertion into the database. - * For example "autosql's features include" --> "autosql\'s features include" - * If worried about this use cdnaSaveToDbEscaped() */ - -void cdnaSaveToDbEscaped(struct sqlConnection *conn, struct cdna *el, char *tableName, int updateSize); -/* Save cdna as a row to the table specified by tableName. - * As blob fields may be arbitrary size updateSize specifies the approx size. - * of a string that would contain the entire query. Automatically - * escapes all simple strings (not arrays of string) but may be slower than cdnaSaveToDb(). - * For example automatically copies and converts: - * "autosql's features include" --> "autosql\'s features include" - * before inserting into database. */ + * inserted as NULL. Strings are automatically escaped to allow insertion into the database. */ struct cdna *cdnaCommaIn(char **pS, struct cdna *ret); /* Create a cdna out of a comma separated string. * This will fill in ret if non-null, otherwise will * return a new cdna */ void cdnaFree(struct cdna **pEl); /* Free a single dynamically allocated cdna such as created * with cdnaLoad(). */ void cdnaFreeList(struct cdna **pList); /* Free a list of dynamically allocated cdna's */ void cdnaOutput(struct cdna *el, FILE *f, char sep, char lastSep); /* Print out cdna. Separate fields with sep. Follow last field with lastSep. */ @@ -796,42 +697,31 @@ /* Load all agi from tab separated file. * Dispose of this with agiFreeList(). */ struct agi *agiLoadByQuery(struct sqlConnection *conn, char *query); /* Load all agi from table that satisfy the query given. * Where query is of the form 'select * from example where something=something' * or 'select example.* from example, anotherTable where example.something = * anotherTable.something'. * Dispose of this with agiFreeList(). */ void agiSaveToDb(struct sqlConnection *conn, struct agi *el, char *tableName, int updateSize); /* Save agi as a row to the table specified by tableName. * As blob fields may be arbitrary size updateSize specifies the approx size * of a string that would contain the entire query. Arrays of native types are * converted to comma separated strings and loaded as such, User defined types are - * inserted as NULL. Note that strings must be escaped to allow insertion into the database. - * For example "autosql's features include" --> "autosql\'s features include" - * If worried about this use agiSaveToDbEscaped() */ - -void agiSaveToDbEscaped(struct sqlConnection *conn, struct agi *el, char *tableName, int updateSize); -/* Save agi as a row to the table specified by tableName. - * As blob fields may be arbitrary size updateSize specifies the approx size. - * of a string that would contain the entire query. Automatically - * escapes all simple strings (not arrays of string) but may be slower than agiSaveToDb(). - * For example automatically copies and converts: - * "autosql's features include" --> "autosql\'s features include" - * before inserting into database. */ + * inserted as NULL. Strings are automatically escaped to allow insertion into the database. */ struct agi *agiCommaIn(char **pS, struct agi *ret); /* Create a agi out of a comma separated string. * This will fill in ret if non-null, otherwise will * return a new agi */ void agiFree(struct agi **pEl); /* Free a single dynamically allocated agi such as created * with agiLoad(). */ void agiFreeList(struct agi **pList); /* Free a list of dynamically allocated agi's */ void agiOutput(struct agi *el, FILE *f, char sep, char lastSep); /* Print out agi. Separate fields with sep. Follow last field with lastSep. */ @@ -875,42 +765,31 @@ /* Load all ihc from tab separated file. * Dispose of this with ihcFreeList(). */ struct ihc *ihcLoadByQuery(struct sqlConnection *conn, char *query); /* Load all ihc from table that satisfy the query given. * Where query is of the form 'select * from example where something=something' * or 'select example.* from example, anotherTable where example.something = * anotherTable.something'. * Dispose of this with ihcFreeList(). */ void ihcSaveToDb(struct sqlConnection *conn, struct ihc *el, char *tableName, int updateSize); /* Save ihc as a row to the table specified by tableName. * As blob fields may be arbitrary size updateSize specifies the approx size * of a string that would contain the entire query. Arrays of native types are * converted to comma separated strings and loaded as such, User defined types are - * inserted as NULL. Note that strings must be escaped to allow insertion into the database. - * For example "autosql's features include" --> "autosql\'s features include" - * If worried about this use ihcSaveToDbEscaped() */ - -void ihcSaveToDbEscaped(struct sqlConnection *conn, struct ihc *el, char *tableName, int updateSize); -/* Save ihc as a row to the table specified by tableName. - * As blob fields may be arbitrary size updateSize specifies the approx size. - * of a string that would contain the entire query. Automatically - * escapes all simple strings (not arrays of string) but may be slower than ihcSaveToDb(). - * For example automatically copies and converts: - * "autosql's features include" --> "autosql\'s features include" - * before inserting into database. */ + * inserted as NULL. Strings are automatically escaped to allow insertion into the database. */ struct ihc *ihcCommaIn(char **pS, struct ihc *ret); /* Create a ihc out of a comma separated string. * This will fill in ret if non-null, otherwise will * return a new ihc */ void ihcFree(struct ihc **pEl); /* Free a single dynamically allocated ihc such as created * with ihcLoad(). */ void ihcFreeList(struct ihc **pList); /* Free a list of dynamically allocated ihc's */ void ihcOutput(struct ihc *el, FILE *f, char sep, char lastSep); /* Print out ihc. Separate fields with sep. Follow last field with lastSep. */ @@ -954,42 +833,31 @@ /* Load all fish from tab separated file. * Dispose of this with fishFreeList(). */ struct fish *fishLoadByQuery(struct sqlConnection *conn, char *query); /* Load all fish from table that satisfy the query given. * Where query is of the form 'select * from example where something=something' * or 'select example.* from example, anotherTable where example.something = * anotherTable.something'. * Dispose of this with fishFreeList(). */ void fishSaveToDb(struct sqlConnection *conn, struct fish *el, char *tableName, int updateSize); /* Save fish as a row to the table specified by tableName. * As blob fields may be arbitrary size updateSize specifies the approx size * of a string that would contain the entire query. Arrays of native types are * converted to comma separated strings and loaded as such, User defined types are - * inserted as NULL. Note that strings must be escaped to allow insertion into the database. - * For example "autosql's features include" --> "autosql\'s features include" - * If worried about this use fishSaveToDbEscaped() */ - -void fishSaveToDbEscaped(struct sqlConnection *conn, struct fish *el, char *tableName, int updateSize); -/* Save fish as a row to the table specified by tableName. - * As blob fields may be arbitrary size updateSize specifies the approx size. - * of a string that would contain the entire query. Automatically - * escapes all simple strings (not arrays of string) but may be slower than fishSaveToDb(). - * For example automatically copies and converts: - * "autosql's features include" --> "autosql\'s features include" - * before inserting into database. */ + * inserted as NULL. Strings are automatically escaped to allow insertion into the database. */ struct fish *fishCommaIn(char **pS, struct fish *ret); /* Create a fish out of a comma separated string. * This will fill in ret if non-null, otherwise will * return a new fish */ void fishFree(struct fish **pEl); /* Free a single dynamically allocated fish such as created * with fishLoad(). */ void fishFreeList(struct fish **pList); /* Free a list of dynamically allocated fish's */ void fishOutput(struct fish *el, FILE *f, char sep, char lastSep); /* Print out fish. Separate fields with sep. Follow last field with lastSep. */ @@ -1033,42 +901,31 @@ /* Load all labTrack from tab separated file. * Dispose of this with labTrackFreeList(). */ struct labTrack *labTrackLoadByQuery(struct sqlConnection *conn, char *query); /* Load all labTrack from table that satisfy the query given. * Where query is of the form 'select * from example where something=something' * or 'select example.* from example, anotherTable where example.something = * anotherTable.something'. * Dispose of this with labTrackFreeList(). */ void labTrackSaveToDb(struct sqlConnection *conn, struct labTrack *el, char *tableName, int updateSize); /* Save labTrack as a row to the table specified by tableName. * As blob fields may be arbitrary size updateSize specifies the approx size * of a string that would contain the entire query. Arrays of native types are * converted to comma separated strings and loaded as such, User defined types are - * inserted as NULL. Note that strings must be escaped to allow insertion into the database. - * For example "autosql's features include" --> "autosql\'s features include" - * If worried about this use labTrackSaveToDbEscaped() */ - -void labTrackSaveToDbEscaped(struct sqlConnection *conn, struct labTrack *el, char *tableName, int updateSize); -/* Save labTrack as a row to the table specified by tableName. - * As blob fields may be arbitrary size updateSize specifies the approx size. - * of a string that would contain the entire query. Automatically - * escapes all simple strings (not arrays of string) but may be slower than labTrackSaveToDb(). - * For example automatically copies and converts: - * "autosql's features include" --> "autosql\'s features include" - * before inserting into database. */ + * inserted as NULL. Strings are automatically escaped to allow insertion into the database. */ struct labTrack *labTrackCommaIn(char **pS, struct labTrack *ret); /* Create a labTrack out of a comma separated string. * This will fill in ret if non-null, otherwise will * return a new labTrack */ void labTrackFree(struct labTrack **pEl); /* Free a single dynamically allocated labTrack such as created * with labTrackLoad(). */ void labTrackFreeList(struct labTrack **pList); /* Free a list of dynamically allocated labTrack's */ void labTrackOutput(struct labTrack *el, FILE *f, char sep, char lastSep); /* Print out labTrack. Separate fields with sep. Follow last field with lastSep. */