080a160c7b9595d516c9c70e83689a09b60839d0 galt Mon Jun 3 12:16:53 2013 -0700 fix SQL Injection
diff --git src/hg/inc/omicia.h src/hg/inc/omicia.h
index d9dfa49..cfe84f6 100644
--- src/hg/inc/omicia.h
+++ src/hg/inc/omicia.h
@@ -44,42 +44,31 @@
 /* Load all omiciaAuto from tab separated file.
  * Dispose of this with omiciaAutoFreeList(). */
 
 struct omiciaAuto *omiciaAutoLoadByQuery(struct sqlConnection *conn, char *query);
 /* Load all omiciaAuto from table that satisfy the query given.
  * Where query is of the form 'select * from example where something=something'
  * or 'select example.* from example, anotherTable where example.something =
  * anotherTable.something'.
  * Dispose of this with omiciaAutoFreeList(). */
 
 void omiciaAutoSaveToDb(struct sqlConnection *conn, struct omiciaAuto *el, char *tableName, int updateSize);
 /* Save omiciaAuto as a row to the table specified by tableName.
  * As blob fields may be arbitrary size updateSize specifies the approx size
  * of a string that would contain the entire query. Arrays of native types are
  * converted to comma separated strings and loaded as such, User defined types are
- * inserted as NULL. Note that strings must be escaped to allow insertion into the database.
- * For example "autosql's features include" --> "autosql\'s features include"
- * If worried about this use omiciaAutoSaveToDbEscaped() */
-
-void omiciaAutoSaveToDbEscaped(struct sqlConnection *conn, struct omiciaAuto *el, char *tableName, int updateSize);
-/* Save omiciaAuto as a row to the table specified by tableName.
- * As blob fields may be arbitrary size updateSize specifies the approx size.
- * of a string that would contain the entire query. Automatically
- * escapes all simple strings (not arrays of string) but may be slower than omiciaAutoSaveToDb().
- * For example automatically copies and converts:
- * "autosql's features include" --> "autosql\'s features include"
- * before inserting into database. */
+ * inserted as NULL. Strings are automatically escaped to allow insertion into the database. */
 
 struct omiciaAuto *omiciaAutoCommaIn(char **pS, struct omiciaAuto *ret);
 /* Create a omiciaAuto out of a comma separated string.
  * This will fill in ret if non-null, otherwise will
  * return a new omiciaAuto */
 
 void omiciaAutoFree(struct omiciaAuto **pEl);
 /* Free a single dynamically allocated omiciaAuto such as created
  * with omiciaAutoLoad(). */
 
 void omiciaAutoFreeList(struct omiciaAuto **pList);
 /* Free a list of dynamically allocated omiciaAuto's */
 
 void omiciaAutoOutput(struct omiciaAuto *el, FILE *f, char sep, char lastSep);
 /* Print out omiciaAuto. Separate fields with sep. Follow last field with lastSep. */
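Review bot: The replacement comment on omiciaAutoSaveToDb says strings are escaped but drops the limit the removed omiciaAutoSaveToDbEscaped comment stated, that only simple strings and not arrays of string were escaped. The implementation is outside this header, so which fields are covered cannot be confirmed here; if the limit still holds, say so, e.g. `* inserted as NULL. Simple string fields are escaped before insertion; arrays of string are not.`, and state whether `tableName` is escaped or must come from trusted code. The identical comment in the omiciaHand, omiciaLink and omiciaAttr hunks needs the same wording. The `char *query` argument of omiciaAutoLoadByQuery is documented as a complete select statement, so its comment could also say `* The caller must escape any values it places in query.`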
@@ -125,42 +114,31 @@
 /* Load all omiciaHand from tab separated file.
  * Dispose of this with omiciaHandFreeList(). */
 
 struct omiciaHand *omiciaHandLoadByQuery(struct sqlConnection *conn, char *query);
 /* Load all omiciaHand from table that satisfy the query given.
  * Where query is of the form 'select * from example where something=something'
  * or 'select example.* from example, anotherTable where example.something =
  * anotherTable.something'.
  * Dispose of this with omiciaHandFreeList(). */
 
 void omiciaHandSaveToDb(struct sqlConnection *conn, struct omiciaHand *el, char *tableName, int updateSize);
 /* Save omiciaHand as a row to the table specified by tableName.
  * As blob fields may be arbitrary size updateSize specifies the approx size
  * of a string that would contain the entire query. Arrays of native types are
  * converted to comma separated strings and loaded as such, User defined types are
- * inserted as NULL. Note that strings must be escaped to allow insertion into the database.
- * For example "autosql's features include" --> "autosql\'s features include"
- * If worried about this use omiciaHandSaveToDbEscaped() */
-
-void omiciaHandSaveToDbEscaped(struct sqlConnection *conn, struct omiciaHand *el, char *tableName, int updateSize);
-/* Save omiciaHand as a row to the table specified by tableName.
- * As blob fields may be arbitrary size updateSize specifies the approx size.
- * of a string that would contain the entire query. Automatically
- * escapes all simple strings (not arrays of string) but may be slower than omiciaHandSaveToDb().
- * For example automatically copies and converts:
- * "autosql's features include" --> "autosql\'s features include"
- * before inserting into database. */
+ * inserted as NULL. Strings are automatically escaped to allow insertion into the database. */
 
 struct omiciaHand *omiciaHandCommaIn(char **pS, struct omiciaHand *ret);
 /* Create a omiciaHand out of a comma separated string.
  * This will fill in ret if non-null, otherwise will
  * return a new omiciaHand */
 
 void omiciaHandFree(struct omiciaHand **pEl);
 /* Free a single dynamically allocated omiciaHand such as created
  * with omiciaHandLoad(). */
 
 void omiciaHandFreeList(struct omiciaHand **pList);
 /* Free a list of dynamically allocated omiciaHand's */
 
 void omiciaHandOutput(struct omiciaHand *el, FILE *f, char sep, char lastSep);
 /* Print out omiciaHand. Separate fields with sep. Follow last field with lastSep. */
@@ -204,42 +182,31 @@
 /* Load all omiciaLink from tab separated file.
  * Dispose of this with omiciaLinkFreeList(). */
 
 struct omiciaLink *omiciaLinkLoadByQuery(struct sqlConnection *conn, char *query);
 /* Load all omiciaLink from table that satisfy the query given.
  * Where query is of the form 'select * from example where something=something'
  * or 'select example.* from example, anotherTable where example.something =
  * anotherTable.something'.
  * Dispose of this with omiciaLinkFreeList(). */
 
 void omiciaLinkSaveToDb(struct sqlConnection *conn, struct omiciaLink *el, char *tableName, int updateSize);
 /* Save omiciaLink as a row to the table specified by tableName.
  * As blob fields may be arbitrary size updateSize specifies the approx size
  * of a string that would contain the entire query. Arrays of native types are
  * converted to comma separated strings and loaded as such, User defined types are
- * inserted as NULL. Note that strings must be escaped to allow insertion into the database.
- * For example "autosql's features include" --> "autosql\'s features include"
- * If worried about this use omiciaLinkSaveToDbEscaped() */
-
-void omiciaLinkSaveToDbEscaped(struct sqlConnection *conn, struct omiciaLink *el, char *tableName, int updateSize);
-/* Save omiciaLink as a row to the table specified by tableName.
- * As blob fields may be arbitrary size updateSize specifies the approx size.
- * of a string that would contain the entire query. Automatically
- * escapes all simple strings (not arrays of string) but may be slower than omiciaLinkSaveToDb().
- * For example automatically copies and converts:
- * "autosql's features include" --> "autosql\'s features include"
- * before inserting into database. */
+ * inserted as NULL. Strings are automatically escaped to allow insertion into the database. */
 
 struct omiciaLink *omiciaLinkCommaIn(char **pS, struct omiciaLink *ret);
 /* Create a omiciaLink out of a comma separated string.
  * This will fill in ret if non-null, otherwise will
  * return a new omiciaLink */
 
 void omiciaLinkFree(struct omiciaLink **pEl);
 /* Free a single dynamically allocated omiciaLink such as created
  * with omiciaLinkLoad(). */
 
 void omiciaLinkFreeList(struct omiciaLink **pList);
 /* Free a list of dynamically allocated omiciaLink's */
 
 void omiciaLinkOutput(struct omiciaLink *el, FILE *f, char sep, char lastSep);
 /* Print out omiciaLink. Separate fields with sep. Follow last field with lastSep. */
@@ -281,42 +248,31 @@
 /* Load all omiciaAttr from tab separated file.
  * Dispose of this with omiciaAttrFreeList(). */
 
 struct omiciaAttr *omiciaAttrLoadByQuery(struct sqlConnection *conn, char *query);
 /* Load all omiciaAttr from table that satisfy the query given.
  * Where query is of the form 'select * from example where something=something'
  * or 'select example.* from example, anotherTable where example.something =
  * anotherTable.something'.
  * Dispose of this with omiciaAttrFreeList(). */
 
 void omiciaAttrSaveToDb(struct sqlConnection *conn, struct omiciaAttr *el, char *tableName, int updateSize);
 /* Save omiciaAttr as a row to the table specified by tableName.
  * As blob fields may be arbitrary size updateSize specifies the approx size
  * of a string that would contain the entire query. Arrays of native types are
  * converted to comma separated strings and loaded as such, User defined types are
- * inserted as NULL. Note that strings must be escaped to allow insertion into the database.
- * For example "autosql's features include" --> "autosql\'s features include"
- * If worried about this use omiciaAttrSaveToDbEscaped() */
-
-void omiciaAttrSaveToDbEscaped(struct sqlConnection *conn, struct omiciaAttr *el, char *tableName, int updateSize);
-/* Save omiciaAttr as a row to the table specified by tableName.
- * As blob fields may be arbitrary size updateSize specifies the approx size.
- * of a string that would contain the entire query. Automatically
- * escapes all simple strings (not arrays of string) but may be slower than omiciaAttrSaveToDb().
- * For example automatically copies and converts:
- * "autosql's features include" --> "autosql\'s features include"
- * before inserting into database. */
+ * inserted as NULL. Strings are automatically escaped to allow insertion into the database. */
 
 struct omiciaAttr *omiciaAttrCommaIn(char **pS, struct omiciaAttr *ret);
 /* Create a omiciaAttr out of a comma separated string.
  * This will fill in ret if non-null, otherwise will
  * return a new omiciaAttr */
 
 void omiciaAttrFree(struct omiciaAttr **pEl);
 /* Free a single dynamically allocated omiciaAttr such as created
  * with omiciaAttrLoad(). */
 
 void omiciaAttrFreeList(struct omiciaAttr **pList);
 /* Free a list of dynamically allocated omiciaAttr's */
 
 void omiciaAttrOutput(struct omiciaAttr *el, FILE *f, char sep, char lastSep);
 /* Print out omiciaAttr. Separate fields with sep. Follow last field with lastSep. */