void doSearch(struct sqlConnection *conn, struct column *colList)
/* Run the search stored in the cart's search variable.  One accession hit, or
 * any number of hits when not grouping on position, goes straight to
 * displayData.  Several hits while grouping on position produce a page of
 * choices.  No accession hit at all falls back to searchAllColumns.
 *
 * NOTE(review): search comes from the cart and is written into the page by
 * the hPrintf "%s" below.  Nothing in this function HTML-encodes it, so unless
 * hPrintf does, markup in the search term is reflected to the browser --
 * confirm and encode at the output site.
 * NOTE(review): escSearch has only ' escaped.  Whether that is enough depends
 * on how findKnownAccessions and searchAllColumns quote it and on how a
 * backslash in the input is treated -- confirm. */
{
char *search = cartString(cart, searchVarName);
char *escSearch = makeEscapedString(trimSpaces(search), '\'');
struct genePos *accList = findKnownAccessions(conn, escSearch);

if (accList == NULL)
    {
    /* Not a known accession: try every column instead. */
    searchAllColumns(conn, colList, escSearch);
    freez(&escSearch);
    return;
    }

if (slCount(accList) != 1 && sameString(groupOn, "position"))
    {
    /* Ambiguous position: list each candidate as a link. */
    struct genePos *pos = accList;
    hPrintf("%s maps to %d positions, please pick one below:<BR>\n",
            search, slCount(accList));
    while (pos != NULL)
        {
        hPrintf(" ");
        selfAnchorSearch(pos);
        /* start is printed +1, end unchanged. */
        hPrintf("%s:%d-%d</A><BR>\n", pos->chrom, pos->start+1, pos->end);
        pos = pos->next;
        }
    }
else
    displayData(conn, colList, accList);

freez(&escSearch);
}
static void escapeTermRegex(struct hgFindSpec *hfs)
/* Swap hfs->termRegex for a copy with every '\' escaped, for sql storage.
 * The old string is freed.  When isNotEmpty reports there is nothing to
 * escape, the field is left as it is. */
{
char *unescaped = hfs->termRegex;

if (!isNotEmpty(unescaped))
    return;
hfs->termRegex = makeEscapedString(unescaped, '\\');
freeMem(unescaped);
}
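static boolean orderKeyIsPlainName(const char *key)
/* Return TRUE if key is non-empty and made only of ASCII letters, digits,
 * '_' and '.', so it can follow "order by" without bringing SQL syntax of
 * its own. */
{
const char *s;

if (key == NULL || key[0] == 0)
    return FALSE;
for (s = key; *s != 0; ++s)
    {
    char c = *s;
    boolean ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z')
              || (c >= '0' && c <= '9') || c == '_' || c == '.';
    if (!ok)
        return FALSE;
    }
return TRUE;
}

static char *escapeForDoubleQuotedSql(char *text)
/* Return a copy of text for use inside a "..." SQL literal.  Backslashes are
 * escaped first and double quotes second, so a backslash in the input cannot
 * cancel the escape placed in front of a quote.  Free the result with freez.
 * NOTE(review): relies on makeEscapedString putting a backslash in front of
 * only the character it is given -- confirm against its definition. */
{
char *backslashesDone = makeEscapedString(text, '\\');
char *result = makeEscapedString(backslashesDone, '"');
freez(&backslashesDone);
return result;
}

void webTableBuildQuery(struct cart *cart, char *from, char *initialWhere,
    char *varPrefix, char *fields, boolean withFilters,
    struct dyString **retQuery, struct dyString **retWhere)
/* Construct select, from and where clauses in query, keeping an additional copy of where.
 * Returns the SQL query and the SQL where expression as two dyStrings (need to be freed).
 *
 * fields and from are written into the statement as given, so callers must
 * pass trusted text.  initialWhere goes through sqlSanityCheckWhere.
 * With withFilters set, each field's filter is read from the cart variable
 * "<varPrefix>_f_<field>".  The sort column is read from "<varPrefix>_order",
 * where a leading '-' means descending.  Both are request-controlled: filter
 * values are emitted only as escaped "..." literals or as a comparison with a
 * checked numeric operand, and the sort column is used only when it is a
 * plain field name.
 * NOTE(review): fieldList is not freed in this function. */
{
struct dyString *query = dyStringNew(0);
struct dyString *where = dyStringNew(0);
struct slName *field, *fieldList = commaSepToSlNames(fields);
boolean gotWhere = FALSE;
sqlDyStringPrintf(query, "%s", ""); // TODO check with Galt on how to get reasonable checking back.
dyStringPrintf(query, "select %s from %s", fields, from);
if (!isEmpty(initialWhere))
    {
    dyStringPrintf(where, " where ");
    sqlSanityCheckWhere(initialWhere, where);
    gotWhere = TRUE;
    }

/* If we're doing filters, have to loop through the row of filter controls */
if (withFilters)
    {
    for (field = fieldList; field != NULL; field = field->next)
        {
        char varName[128];
        safef(varName, sizeof(varName), "%s_f_%s", varPrefix, field->name);
        char *val = trimSpaces(cartUsualString(cart, varName, ""));
        if (isEmpty(val))
            continue;

        if (gotWhere)
            dyStringPrintf(where, " and ");
        else
            {
            dyStringPrintf(where, " where ");
            gotWhere = TRUE;
            }

        if (anyWild(val))
            {
            /* Wildcard filter: convert to a LIKE pattern, then quote it. */
            char *converted = sqlLikeFromWild(val);
            char *escaped = escapeForDoubleQuotedSql(converted);
            dyStringPrintf(where, "%s like \"%s\"", field->name, escaped);
            freez(&escaped);
            freez(&converted);
            }
        else if (val[0] == '>' || val[0] == '<')
            {
            /* Comparison filter: val is emitted verbatim, but only after
             * everything past the operator has been checked as numeric. */
            char *remaining = val+1;
            if (remaining[0] == '=')
                remaining += 1;
            remaining = skipLeadingSpaces(remaining);
            if (isNumericString(remaining))
                dyStringPrintf(where, "%s %s", field->name, val);
            else
                {
                warn("Filter for %s doesn't parse: %s", field->name, val);
                dyStringPrintf(where, "%s is not null", field->name); // Let query continue
                }
            }
        else
            {
            /* Exact-match filter. */
            char *escaped = escapeForDoubleQuotedSql(val);
            dyStringPrintf(where, "%s = \"%s\"", field->name, escaped);
            freez(&escaped);
            }
        }
    }
dyStringAppend(query, where->string);

/* We do order here so as to keep order when working with tables bigger than a page. */
char orderVar[256];
safef(orderVar, sizeof(orderVar), "%s_order", varPrefix);
char *orderFields = cartUsualString(cart, orderVar, "");
if (!isEmpty(orderFields))
    {
    boolean descending = (orderFields[0] == '-');
    char *orderKey = descending ? orderFields+1 : orderFields;
    if (!orderKeyIsPlainName(orderKey))
        {
        /* The cart value cannot be quoted in an ORDER BY, so anything
         * that is not a plain name is dropped and the query runs unsorted. */
        warn("Ignoring %s: value is not a plain field name", orderVar);
        }
    else if (descending)
        dyStringPrintf(query, " order by %s desc", orderKey);
    else
        dyStringPrintf(query, " order by %s", orderKey);
    }

// return query and where expression
*retQuery = query;
*retWhere = where;
}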