void V8SQLResultSetRowList::itemMethodCustom(const v8::FunctionCallbackInfo<v8::Value>& info) { ExceptionState exceptionState(ExceptionState::ExecutionContext, "item", "SQLResultSetRowList", info.Holder(), info.GetIsolate()); if (!info.Length()) { exceptionState.throwDOMException(SyntaxError, ExceptionMessages::notEnoughArguments(1, 0)); exceptionState.throwIfNeeded(); return; } if (!info[0]->IsNumber()) { exceptionState.throwTypeError("The index provided is not a number."); exceptionState.throwIfNeeded(); return; } SQLResultSetRowList* rowList = V8SQLResultSetRowList::toNative(info.Holder()); unsigned long index = info[0]->IntegerValue(); if (index >= rowList->length()) { exceptionState.throwDOMException(IndexSizeError, ExceptionMessages::indexExceedsMaximumBound<unsigned>("index", index, rowList->length())); exceptionState.throwIfNeeded(); return; } v8::Local<v8::Object> item = v8::Object::New(info.GetIsolate()); unsigned numColumns = rowList->columnNames().size(); unsigned valuesIndex = index * numColumns; for (unsigned i = 0; i < numColumns; ++i) { const SQLValue& sqlValue = rowList->values()[valuesIndex + i]; v8::Handle<v8::Value> value; switch(sqlValue.type()) { case SQLValue::StringValue: value = v8String(info.GetIsolate(), sqlValue.string()); break; case SQLValue::NullValue: value = v8::Null(info.GetIsolate()); break; case SQLValue::NumberValue: value = v8::Number::New(info.GetIsolate(), sqlValue.number()); break; default: ASSERT_NOT_REACHED(); } item->Set(v8String(info.GetIsolate(), rowList->columnNames()[i]), value, static_cast<v8::PropertyAttribute>(v8::DontDelete | v8::ReadOnly)); } v8SetReturnValue(info, item); }
v8::Handle<v8::Value> V8SQLResultSetRowList::itemCallback(const v8::Arguments& args) { INC_STATS("DOM.SQLResultSetRowList.item()"); if (args.Length() == 0) { V8Proxy::throwError(V8Proxy::SyntaxError, "Item index is required."); return v8::Undefined(); } if (!args[0]->IsNumber()) { V8Proxy::throwError(V8Proxy::TypeError, "Item index must be a number."); return v8::Undefined(); } SQLResultSetRowList* rowList = V8SQLResultSetRowList::toNative(args.Holder()); unsigned long index = args[0]->IntegerValue(); if (index >= rowList->length()) { V8Proxy::throwError(V8Proxy::RangeError, "Item index is out of range."); return v8::Undefined(); } v8::Local<v8::Object> item = v8::Object::New(); unsigned numColumns = rowList->columnNames().size(); unsigned valuesIndex = index * numColumns; for (unsigned i = 0; i < numColumns; ++i) { const SQLValue& sqlValue = rowList->values()[valuesIndex + i]; v8::Handle<v8::Value> value; switch(sqlValue.type()) { case SQLValue::StringValue: value = v8String(sqlValue.string()); break; case SQLValue::NullValue: value = v8::Null(); break; case SQLValue::NumberValue: value = v8::Number::New(sqlValue.number()); break; default: ASSERT_NOT_REACHED(); } item->Set(v8String(rowList->columnNames()[i]), value, static_cast<v8::PropertyAttribute>(v8::DontDelete|v8::ReadOnly)); } return item; }
void V8SQLResultSetRowList::itemMethodCustom(const v8::FunctionCallbackInfo<v8::Value>& args) { if (!args.Length()) { throwError(v8SyntaxError, "Item index is required.", args.GetIsolate()); return; } if (!args[0]->IsNumber()) { throwTypeError("Item index must be a number.", args.GetIsolate()); return; } SQLResultSetRowList* rowList = V8SQLResultSetRowList::toNative(args.Holder()); unsigned long index = args[0]->IntegerValue(); if (index >= rowList->length()) { throwError(v8RangeError, "Item index is out of range.", args.GetIsolate()); return; } v8::Local<v8::Object> item = v8::Object::New(); unsigned numColumns = rowList->columnNames().size(); unsigned valuesIndex = index * numColumns; for (unsigned i = 0; i < numColumns; ++i) { const SQLValue& sqlValue = rowList->values()[valuesIndex + i]; v8::Handle<v8::Value> value; switch(sqlValue.type()) { case SQLValue::StringValue: value = v8String(sqlValue.string(), args.GetIsolate()); break; case SQLValue::NullValue: value = v8::Null(args.GetIsolate()); break; case SQLValue::NumberValue: value = v8::Number::New(args.GetIsolate(), sqlValue.number()); break; default: ASSERT_NOT_REACHED(); } item->Set(v8String(rowList->columnNames()[i], args.GetIsolate()), value, static_cast<v8::PropertyAttribute>(v8::DontDelete | v8::ReadOnly)); } v8SetReturnValue(args, item); }
bool SQLStatementBackend::execute(DatabaseBackend* db) { ASSERT(!m_resultSet->isValid()); // If we're re-running this statement after a quota violation, we need to clear that error now clearFailureDueToQuota(); // This transaction might have been marked bad while it was being set up on the main thread, // so if there is still an error, return false. if (m_error) return false; db->setAuthorizerPermissions(m_permissions); SQLiteDatabase* database = &db->sqliteDatabase(); SQLiteStatement statement(*database, m_statement); int result = statement.prepare(); if (result != SQLResultOk) { WTF_LOG(StorageAPI, "Unable to verify correctness of statement %s - error %i (%s)", m_statement.ascii().data(), result, database->lastErrorMsg()); if (result == SQLResultInterrupt) m_error = SQLErrorData::create(SQLError::DATABASE_ERR, "could not prepare statement", result, "interrupted"); else m_error = SQLErrorData::create(SQLError::SYNTAX_ERR, "could not prepare statement", result, database->lastErrorMsg()); db->reportExecuteStatementResult(1, m_error->code(), result); return false; } // FIXME: If the statement uses the ?### syntax supported by sqlite, the bind parameter count is very likely off from the number of question marks. // If this is the case, they might be trying to do something fishy or malicious if (statement.bindParameterCount() != m_arguments.size()) { WTF_LOG(StorageAPI, "Bind parameter count doesn't match number of question marks"); m_error = SQLErrorData::create(db->isInterrupted() ? SQLError::DATABASE_ERR : SQLError::SYNTAX_ERR, "number of '?'s in statement string does not match argument count"); db->reportExecuteStatementResult(2, m_error->code(), 0); return false; } for (unsigned i = 0; i < m_arguments.size(); ++i) { result = statement.bindValue(i + 1, m_arguments[i]); if (result == SQLResultFull) { setFailureDueToQuota(db); return false; } if (result != SQLResultOk) { WTF_LOG(StorageAPI, "Failed to bind value index %i to statement for query '%s'", i + 1, m_statement.ascii().data()); db->reportExecuteStatementResult(3, SQLError::DATABASE_ERR, result); m_error = SQLErrorData::create(SQLError::DATABASE_ERR, "could not bind value", result, database->lastErrorMsg()); return false; } } // Step so we can fetch the column names. result = statement.step(); if (result == SQLResultRow) { int columnCount = statement.columnCount(); SQLResultSetRowList* rows = m_resultSet->rows(); for (int i = 0; i < columnCount; i++) rows->addColumn(statement.getColumnName(i)); do { for (int i = 0; i < columnCount; i++) rows->addResult(statement.getColumnValue(i)); result = statement.step(); } while (result == SQLResultRow); if (result != SQLResultDone) { db->reportExecuteStatementResult(4, SQLError::DATABASE_ERR, result); m_error = SQLErrorData::create(SQLError::DATABASE_ERR, "could not iterate results", result, database->lastErrorMsg()); return false; } } else if (result == SQLResultDone) { // Didn't find anything, or was an insert if (db->lastActionWasInsert()) m_resultSet->setInsertId(database->lastInsertRowID()); } else if (result == SQLResultFull) { // Return the Quota error - the delegate will be asked for more space and this statement might be re-run setFailureDueToQuota(db); return false; } else if (result == SQLResultConstraint) { db->reportExecuteStatementResult(6, SQLError::CONSTRAINT_ERR, result); m_error = SQLErrorData::create(SQLError::CONSTRAINT_ERR, "could not execute statement due to a constaint failure", result, database->lastErrorMsg()); return false; } else { db->reportExecuteStatementResult(5, SQLError::DATABASE_ERR, result); m_error = SQLErrorData::create(SQLError::DATABASE_ERR, "could not execute statement", result, database->lastErrorMsg()); return false; } // FIXME: If the spec allows triggers, and we want to be "accurate" in a different way, we'd use // sqlite3_total_changes() here instead of sqlite3_changed, because that includes rows modified from within a trigger // For now, this seems sufficient m_resultSet->setRowsAffected(database->lastChanges()); db->reportExecuteStatementResult(0, -1, 0); // OK return true; }
PassRefPtrWillBeRawPtr<SQLResultSet> SQLStatementSync::execute(DatabaseSync* db, ExceptionState& exceptionState) { db->setAuthorizerPermissions(m_permissions); SQLiteDatabase* database = &db->sqliteDatabase(); SQLiteStatement statement(*database, m_statement); int result = statement.prepare(); if (result != SQLResultOk) { if (result == SQLResultInterrupt) exceptionState.throwDOMException(SQLDatabaseError, "Connection to the database interrupted."); else exceptionState.throwDOMException(SyntaxError, "Could not prepare statement."); db->setLastErrorMessage("could not prepare statement", result, database->lastErrorMsg()); return nullptr; } if (statement.bindParameterCount() != m_arguments.size()) { if (db->isInterrupted()) exceptionState.throwDOMException(SQLDatabaseError, "Connection to the database interrupted."); else exceptionState.throwDOMException(SyntaxError, "Number of '?'s in statement string (" + String::number(statement.bindParameterCount()) + ") does not match the arguments provided (" + String::number(m_arguments.size()) + ")."); db->setLastErrorMessage("number of '?'s in statement string does not match argument count"); return nullptr; } for (unsigned i = 0; i < m_arguments.size(); ++i) { result = statement.bindValue(i + 1, m_arguments[i]); if (result == SQLResultFull) { exceptionState.throwDOMException(QuotaExceededError, SQLError::quotaExceededErrorMessage); db->setLastErrorMessage("there was not enough remaining storage space"); return nullptr; } if (result != SQLResultOk) { exceptionState.throwDOMException(SQLDatabaseError, "Could not bind value."); db->setLastErrorMessage("could not bind value", result, database->lastErrorMsg()); return nullptr; } } RefPtrWillBeRawPtr<SQLResultSet> resultSet = SQLResultSet::create(); // Step so we can fetch the column names. result = statement.step(); if (result == SQLResultRow) { int columnCount = statement.columnCount(); SQLResultSetRowList* rows = resultSet->rows(); for (int i = 0; i < columnCount; i++) rows->addColumn(statement.getColumnName(i)); do { for (int i = 0; i < columnCount; i++) rows->addResult(statement.getColumnValue(i)); result = statement.step(); } while (result == SQLResultRow); if (result != SQLResultDone) { exceptionState.throwDOMException(SQLDatabaseError, "Could not iterate results."); db->setLastErrorMessage("could not iterate results", result, database->lastErrorMsg()); return nullptr; } } else if (result == SQLResultDone) { // Didn't find anything, or was an insert. if (db->lastActionWasInsert()) resultSet->setInsertId(database->lastInsertRowID()); } else if (result == SQLResultFull) { // Quota error, the delegate will be asked for more space and this statement might be re-run. exceptionState.throwDOMException(QuotaExceededError, SQLError::quotaExceededErrorMessage); db->setLastErrorMessage("there was not enough remaining storage space"); return nullptr; } else if (result == SQLResultConstraint) { exceptionState.throwDOMException(ConstraintError, "A constraint was violated."); db->setLastErrorMessage("statement failed due to a constraint failure"); return nullptr; } else { exceptionState.throwDOMException(SQLDatabaseError, "Could not execute statement."); db->setLastErrorMessage("could not execute statement", result, database->lastErrorMsg()); return nullptr; } resultSet->setRowsAffected(database->lastChanges()); return resultSet.release(); }
PassRefPtr<SQLResultSet> SQLStatementSync::execute(DatabaseSync* db, ExceptionCode& ec) { db->setAuthorizerPermissions(m_permissions); SQLiteDatabase* database = &db->sqliteDatabase(); SQLiteStatement statement(*database, m_statement); int result = statement.prepare(); if (result != SQLResultOk) { ec = (result == SQLResultInterrupt ? SQLException::DATABASE_ERR : SQLException::SYNTAX_ERR); db->setLastErrorMessage("could not prepare statement", result, database->lastErrorMsg()); return 0; } if (statement.bindParameterCount() != m_arguments.size()) { ec = (db->isInterrupted()? SQLException::DATABASE_ERR : SQLException::SYNTAX_ERR); db->setLastErrorMessage("number of '?'s in statement string does not match argument count"); return 0; } for (unsigned i = 0; i < m_arguments.size(); ++i) { result = statement.bindValue(i + 1, m_arguments[i]); if (result == SQLResultFull) { ec = SQLException::QUOTA_ERR; db->setLastErrorMessage("there was not enough remaining storage space"); return 0; } if (result != SQLResultOk) { ec = SQLException::DATABASE_ERR; db->setLastErrorMessage("could not bind value", result, database->lastErrorMsg()); return 0; } } RefPtr<SQLResultSet> resultSet = SQLResultSet::create(); // Step so we can fetch the column names. result = statement.step(); if (result == SQLResultRow) { int columnCount = statement.columnCount(); SQLResultSetRowList* rows = resultSet->rows(); for (int i = 0; i < columnCount; i++) rows->addColumn(statement.getColumnName(i)); do { for (int i = 0; i < columnCount; i++) rows->addResult(statement.getColumnValue(i)); result = statement.step(); } while (result == SQLResultRow); if (result != SQLResultDone) { ec = SQLException::DATABASE_ERR; db->setLastErrorMessage("could not iterate results", result, database->lastErrorMsg()); return 0; } } else if (result == SQLResultDone) { // Didn't find anything, or was an insert. if (db->lastActionWasInsert()) resultSet->setInsertId(database->lastInsertRowID()); } else if (result == SQLResultFull) { // Quota error, the delegate will be asked for more space and this statement might be re-run. ec = SQLException::QUOTA_ERR; db->setLastErrorMessage("there was not enough remaining storage space"); return 0; } else if (result == SQLResultConstraint) { ec = SQLException::CONSTRAINT_ERR; db->setLastErrorMessage("statement failed due to a constraint failure"); return 0; } else { ec = SQLException::DATABASE_ERR; db->setLastErrorMessage("could not execute statement", result, database->lastErrorMsg()); return 0; } resultSet->setRowsAffected(database->lastChanges()); return resultSet.release(); }