static bool setMetaData(SQLiteDatabase& sqliteDatabase, const String& name, const String& version, int64_t& rowId)
{
    ASSERT(!name.isNull());
    ASSERT(!version.isNull());

    String sql = rowId != IDBDatabaseBackendImpl::InvalidId ? "UPDATE Databases SET name = ?, version = ? WHERE id = ?"
                                                            : "INSERT INTO Databases (name, description, version) VALUES (?, '', ?)";
    SQLiteStatement query(sqliteDatabase, sql);
    if (query.prepare() != SQLResultOk) {
        ASSERT_NOT_REACHED();
        return false;
    }

    query.bindText(1, name);
    query.bindText(2, version);
    if (rowId != IDBDatabaseBackendImpl::InvalidId)
        query.bindInt64(3, rowId);

    if (query.step() != SQLResultDone)
        return false;

    if (rowId == IDBDatabaseBackendImpl::InvalidId)
        rowId = sqliteDatabase.lastInsertRowID();

    return true;
}
Beispiel #2
0
static bool putObjectStoreData(SQLiteDatabase& db, IDBKey* key, SerializedScriptValue* value, int64_t objectStoreId, int64_t& dataRowId)
{
    String sql = dataRowId != IDBObjectStoreBackendImpl::InvalidId ? "UPDATE ObjectStoreData SET keyString = ?, keyDate = ?, keyNumber = ?, value = ? WHERE id = ?"
                                                                   : "INSERT INTO ObjectStoreData (keyString, keyDate, keyNumber, value, objectStoreId) VALUES (?, ?, ?, ?, ?)";
    SQLiteStatement query(db, sql);
    if (query.prepare() != SQLResultOk)
        return false;
    key->bindWithNulls(query, 1);
    query.bindText(4, value->toWireString());
    if (dataRowId != IDBDatabaseBackendImpl::InvalidId)
        query.bindInt64(5, dataRowId);
    else
        query.bindInt64(5, objectStoreId);

    if (query.step() != SQLResultDone)
        return false;

    if (dataRowId == IDBDatabaseBackendImpl::InvalidId)
        dataRowId = db.lastInsertRowID();

    return true;
}
bool SQLStatementBackend::execute(DatabaseBackend* db)
{
    ASSERT(!m_resultSet->isValid());

    // If we're re-running this statement after a quota violation, we need to clear that error now
    clearFailureDueToQuota();

    // This transaction might have been marked bad while it was being set up on the main thread,
    // so if there is still an error, return false.
    if (m_error)
        return false;

    db->setAuthorizerPermissions(m_permissions);

    SQLiteDatabase* database = &db->sqliteDatabase();

    SQLiteStatement statement(*database, m_statement);
    int result = statement.prepare();

    if (result != SQLResultOk) {
        WTF_LOG(StorageAPI, "Unable to verify correctness of statement %s - error %i (%s)", m_statement.ascii().data(), result, database->lastErrorMsg());
        if (result == SQLResultInterrupt)
            m_error = SQLErrorData::create(SQLError::DATABASE_ERR, "could not prepare statement", result, "interrupted");
        else
            m_error = SQLErrorData::create(SQLError::SYNTAX_ERR, "could not prepare statement", result, database->lastErrorMsg());
        db->reportExecuteStatementResult(1, m_error->code(), result);
        return false;
    }

    // FIXME: If the statement uses the ?### syntax supported by sqlite, the bind parameter count is very likely off from the number of question marks.
    // If this is the case, they might be trying to do something fishy or malicious
    if (statement.bindParameterCount() != m_arguments.size()) {
        WTF_LOG(StorageAPI, "Bind parameter count doesn't match number of question marks");
        m_error = SQLErrorData::create(db->isInterrupted() ? SQLError::DATABASE_ERR : SQLError::SYNTAX_ERR, "number of '?'s in statement string does not match argument count");
        db->reportExecuteStatementResult(2, m_error->code(), 0);
        return false;
    }

    for (unsigned i = 0; i < m_arguments.size(); ++i) {
        result = statement.bindValue(i + 1, m_arguments[i]);
        if (result == SQLResultFull) {
            setFailureDueToQuota(db);
            return false;
        }

        if (result != SQLResultOk) {
            WTF_LOG(StorageAPI, "Failed to bind value index %i to statement for query '%s'", i + 1, m_statement.ascii().data());
            db->reportExecuteStatementResult(3, SQLError::DATABASE_ERR, result);
            m_error = SQLErrorData::create(SQLError::DATABASE_ERR, "could not bind value", result, database->lastErrorMsg());
            return false;
        }
    }

    // Step so we can fetch the column names.
    result = statement.step();
    if (result == SQLResultRow) {
        int columnCount = statement.columnCount();
        SQLResultSetRowList* rows = m_resultSet->rows();

        for (int i = 0; i < columnCount; i++)
            rows->addColumn(statement.getColumnName(i));

        do {
            for (int i = 0; i < columnCount; i++)
                rows->addResult(statement.getColumnValue(i));

            result = statement.step();
        } while (result == SQLResultRow);

        if (result != SQLResultDone) {
            db->reportExecuteStatementResult(4, SQLError::DATABASE_ERR, result);
            m_error = SQLErrorData::create(SQLError::DATABASE_ERR, "could not iterate results", result, database->lastErrorMsg());
            return false;
        }
    } else if (result == SQLResultDone) {
        // Didn't find anything, or was an insert
        if (db->lastActionWasInsert())
            m_resultSet->setInsertId(database->lastInsertRowID());
    } else if (result == SQLResultFull) {
        // Return the Quota error - the delegate will be asked for more space and this statement might be re-run
        setFailureDueToQuota(db);
        return false;
    } else if (result == SQLResultConstraint) {
        db->reportExecuteStatementResult(6, SQLError::CONSTRAINT_ERR, result);
        m_error = SQLErrorData::create(SQLError::CONSTRAINT_ERR, "could not execute statement due to a constaint failure", result, database->lastErrorMsg());
        return false;
    } else {
        db->reportExecuteStatementResult(5, SQLError::DATABASE_ERR, result);
        m_error = SQLErrorData::create(SQLError::DATABASE_ERR, "could not execute statement", result, database->lastErrorMsg());
        return false;
    }

    // FIXME: If the spec allows triggers, and we want to be "accurate" in a different way, we'd use
    // sqlite3_total_changes() here instead of sqlite3_changed, because that includes rows modified from within a trigger
    // For now, this seems sufficient
    m_resultSet->setRowsAffected(database->lastChanges());

    db->reportExecuteStatementResult(0, -1, 0); // OK
    return true;
}
PassRefPtrWillBeRawPtr<SQLResultSet> SQLStatementSync::execute(DatabaseSync* db, ExceptionState& exceptionState)
{
    db->setAuthorizerPermissions(m_permissions);

    SQLiteDatabase* database = &db->sqliteDatabase();

    SQLiteStatement statement(*database, m_statement);
    int result = statement.prepare();
    if (result != SQLResultOk) {
        if (result == SQLResultInterrupt)
            exceptionState.throwDOMException(SQLDatabaseError, "Connection to the database interrupted.");
        else
            exceptionState.throwDOMException(SyntaxError, "Could not prepare statement.");
        db->setLastErrorMessage("could not prepare statement", result, database->lastErrorMsg());
        return nullptr;
    }

    if (statement.bindParameterCount() != m_arguments.size()) {
        if (db->isInterrupted())
            exceptionState.throwDOMException(SQLDatabaseError, "Connection to the database interrupted.");
        else
            exceptionState.throwDOMException(SyntaxError, "Number of '?'s in statement string (" + String::number(statement.bindParameterCount()) + ") does not match the arguments provided (" + String::number(m_arguments.size()) + ").");
        db->setLastErrorMessage("number of '?'s in statement string does not match argument count");
        return nullptr;
    }

    for (unsigned i = 0; i < m_arguments.size(); ++i) {
        result = statement.bindValue(i + 1, m_arguments[i]);
        if (result == SQLResultFull) {
            exceptionState.throwDOMException(QuotaExceededError, SQLError::quotaExceededErrorMessage);
            db->setLastErrorMessage("there was not enough remaining storage space");
            return nullptr;
        }

        if (result != SQLResultOk) {
            exceptionState.throwDOMException(SQLDatabaseError, "Could not bind value.");
            db->setLastErrorMessage("could not bind value", result, database->lastErrorMsg());
            return nullptr;
        }
    }

    RefPtrWillBeRawPtr<SQLResultSet> resultSet = SQLResultSet::create();

    // Step so we can fetch the column names.
    result = statement.step();
    if (result == SQLResultRow) {
        int columnCount = statement.columnCount();
        SQLResultSetRowList* rows = resultSet->rows();

        for (int i = 0; i < columnCount; i++)
            rows->addColumn(statement.getColumnName(i));

        do {
            for (int i = 0; i < columnCount; i++)
                rows->addResult(statement.getColumnValue(i));

            result = statement.step();
        } while (result == SQLResultRow);

        if (result != SQLResultDone) {
            exceptionState.throwDOMException(SQLDatabaseError, "Could not iterate results.");
            db->setLastErrorMessage("could not iterate results", result, database->lastErrorMsg());
            return nullptr;
        }
    } else if (result == SQLResultDone) {
        // Didn't find anything, or was an insert.
        if (db->lastActionWasInsert())
            resultSet->setInsertId(database->lastInsertRowID());
    } else if (result == SQLResultFull) {
        // Quota error, the delegate will be asked for more space and this statement might be re-run.
        exceptionState.throwDOMException(QuotaExceededError, SQLError::quotaExceededErrorMessage);
        db->setLastErrorMessage("there was not enough remaining storage space");
        return nullptr;
    } else if (result == SQLResultConstraint) {
        exceptionState.throwDOMException(ConstraintError, "A constraint was violated.");
        db->setLastErrorMessage("statement failed due to a constraint failure");
        return nullptr;
    } else {
        exceptionState.throwDOMException(SQLDatabaseError, "Could not execute statement.");
        db->setLastErrorMessage("could not execute statement", result, database->lastErrorMsg());
        return nullptr;
    }

    resultSet->setRowsAffected(database->lastChanges());
    return resultSet.release();
}
PassRefPtr<SQLResultSet> SQLStatementSync::execute(DatabaseSync* db, ExceptionCode& ec)
{
    db->setAuthorizerPermissions(m_permissions);

    SQLiteDatabase* database = &db->sqliteDatabase();

    SQLiteStatement statement(*database, m_statement);
    int result = statement.prepare();
    if (result != SQLResultOk) {
        ec = (result == SQLResultInterrupt ? SQLException::DATABASE_ERR : SQLException::SYNTAX_ERR);
        db->setLastErrorMessage("could not prepare statement", result, database->lastErrorMsg());
        return 0;
    }

    if (statement.bindParameterCount() != m_arguments.size()) {
        ec = (db->isInterrupted()? SQLException::DATABASE_ERR : SQLException::SYNTAX_ERR);
        db->setLastErrorMessage("number of '?'s in statement string does not match argument count");
        return 0;
    }

    for (unsigned i = 0; i < m_arguments.size(); ++i) {
        result = statement.bindValue(i + 1, m_arguments[i]);
        if (result == SQLResultFull) {
            ec = SQLException::QUOTA_ERR;
            db->setLastErrorMessage("there was not enough remaining storage space");
            return 0;
        }

        if (result != SQLResultOk) {
            ec = SQLException::DATABASE_ERR;
            db->setLastErrorMessage("could not bind value", result, database->lastErrorMsg());
            return 0;
        }
    }

    RefPtr<SQLResultSet> resultSet = SQLResultSet::create();

    // Step so we can fetch the column names.
    result = statement.step();
    if (result == SQLResultRow) {
        int columnCount = statement.columnCount();
        SQLResultSetRowList* rows = resultSet->rows();

        for (int i = 0; i < columnCount; i++)
            rows->addColumn(statement.getColumnName(i));

        do {
            for (int i = 0; i < columnCount; i++)
                rows->addResult(statement.getColumnValue(i));

            result = statement.step();
        } while (result == SQLResultRow);

        if (result != SQLResultDone) {
            ec = SQLException::DATABASE_ERR;
            db->setLastErrorMessage("could not iterate results", result, database->lastErrorMsg());
            return 0;
        }
    } else if (result == SQLResultDone) {
        // Didn't find anything, or was an insert.
        if (db->lastActionWasInsert())
            resultSet->setInsertId(database->lastInsertRowID());
    } else if (result == SQLResultFull) {
        // Quota error, the delegate will be asked for more space and this statement might be re-run.
        ec = SQLException::QUOTA_ERR;
        db->setLastErrorMessage("there was not enough remaining storage space");
        return 0;
    } else if (result == SQLResultConstraint) {
        ec = SQLException::CONSTRAINT_ERR;
        db->setLastErrorMessage("statement failed due to a constraint failure");
        return 0;
    } else {
        ec = SQLException::DATABASE_ERR;
        db->setLastErrorMessage("could not execute statement", result, database->lastErrorMsg());
        return 0;
    }

    resultSet->setRowsAffected(database->lastChanges());
    return resultSet.release();
}