static bool setMetaData(SQLiteDatabase& sqliteDatabase, const String& name, const String& version, int64_t& rowId)
{
ASSERT(!name.isNull());
ASSERT(!version.isNull());
String sql = rowId != IDBDatabaseBackendImpl::InvalidId ? "UPDATE Databases SET name = ?, version = ? WHERE id = ?"
: "INSERT INTO Databases (name, description, version) VALUES (?, '', ?)";
SQLiteStatement query(sqliteDatabase, sql);
if (query.prepare() != SQLResultOk) {
ASSERT_NOT_REACHED();
return false;
}
query.bindText(1, name);
query.bindText(2, version);
if (rowId != IDBDatabaseBackendImpl::InvalidId)
query.bindInt64(3, rowId);
if (query.step() != SQLResultDone)
return false;
if (rowId == IDBDatabaseBackendImpl::InvalidId)
rowId = sqliteDatabase.lastInsertRowID();
return true;
}
static bool putObjectStoreData(SQLiteDatabase& db, IDBKey* key, SerializedScriptValue* value, int64_t objectStoreId, int64_t& dataRowId)
{
String sql = dataRowId != IDBObjectStoreBackendImpl::InvalidId ? "UPDATE ObjectStoreData SET keyString = ?, keyDate = ?, keyNumber = ?, value = ? WHERE id = ?"
: "INSERT INTO ObjectStoreData (keyString, keyDate, keyNumber, value, objectStoreId) VALUES (?, ?, ?, ?, ?)";
SQLiteStatement query(db, sql);
if (query.prepare() != SQLResultOk)
return false;
key->bindWithNulls(query, 1);
query.bindText(4, value->toWireString());
if (dataRowId != IDBDatabaseBackendImpl::InvalidId)
query.bindInt64(5, dataRowId);
else
query.bindInt64(5, objectStoreId);
if (query.step() != SQLResultDone)
return false;
if (dataRowId == IDBDatabaseBackendImpl::InvalidId)
dataRowId = db.lastInsertRowID();
return true;
}
bool SQLStatementBackend::execute(DatabaseBackend* db)
{
ASSERT(!m_resultSet->isValid());
// If we're re-running this statement after a quota violation, we need to clear that error now
clearFailureDueToQuota();
// This transaction might have been marked bad while it was being set up on the main thread,
// so if there is still an error, return false.
if (m_error)
return false;
db->setAuthorizerPermissions(m_permissions);
SQLiteDatabase* database = &db->sqliteDatabase();
SQLiteStatement statement(*database, m_statement);
int result = statement.prepare();
if (result != SQLResultOk) {
WTF_LOG(StorageAPI, "Unable to verify correctness of statement %s - error %i (%s)", m_statement.ascii().data(), result, database->lastErrorMsg());
if (result == SQLResultInterrupt)
m_error = SQLErrorData::create(SQLError::DATABASE_ERR, "could not prepare statement", result, "interrupted");
else
m_error = SQLErrorData::create(SQLError::SYNTAX_ERR, "could not prepare statement", result, database->lastErrorMsg());
db->reportExecuteStatementResult(1, m_error->code(), result);
return false;
}
// FIXME: If the statement uses the ?### syntax supported by sqlite, the bind parameter count is very likely off from the number of question marks.
// If this is the case, they might be trying to do something fishy or malicious
if (statement.bindParameterCount() != m_arguments.size()) {
WTF_LOG(StorageAPI, "Bind parameter count doesn't match number of question marks");
m_error = SQLErrorData::create(db->isInterrupted() ? SQLError::DATABASE_ERR : SQLError::SYNTAX_ERR, "number of '?'s in statement string does not match argument count");
db->reportExecuteStatementResult(2, m_error->code(), 0);
return false;
}
for (unsigned i = 0; i < m_arguments.size(); ++i) {
result = statement.bindValue(i + 1, m_arguments[i]);
if (result == SQLResultFull) {
setFailureDueToQuota(db);
return false;
}
if (result != SQLResultOk) {
WTF_LOG(StorageAPI, "Failed to bind value index %i to statement for query '%s'", i + 1, m_statement.ascii().data());
db->reportExecuteStatementResult(3, SQLError::DATABASE_ERR, result);
m_error = SQLErrorData::create(SQLError::DATABASE_ERR, "could not bind value", result, database->lastErrorMsg());
return false;
}
}
// Step so we can fetch the column names.
result = statement.step();
if (result == SQLResultRow) {
int columnCount = statement.columnCount();
SQLResultSetRowList* rows = m_resultSet->rows();
for (int i = 0; i < columnCount; i++)
rows->addColumn(statement.getColumnName(i));
do {
for (int i = 0; i < columnCount; i++)
rows->addResult(statement.getColumnValue(i));
result = statement.step();
} while (result == SQLResultRow);
if (result != SQLResultDone) {
db->reportExecuteStatementResult(4, SQLError::DATABASE_ERR, result);
m_error = SQLErrorData::create(SQLError::DATABASE_ERR, "could not iterate results", result, database->lastErrorMsg());
return false;
}
} else if (result == SQLResultDone) {
// Didn't find anything, or was an insert
if (db->lastActionWasInsert())
m_resultSet->setInsertId(database->lastInsertRowID());
} else if (result == SQLResultFull) {
// Return the Quota error - the delegate will be asked for more space and this statement might be re-run
setFailureDueToQuota(db);
return false;
} else if (result == SQLResultConstraint) {
db->reportExecuteStatementResult(6, SQLError::CONSTRAINT_ERR, result);
m_error = SQLErrorData::create(SQLError::CONSTRAINT_ERR, "could not execute statement due to a constaint failure", result, database->lastErrorMsg());
return false;
} else {
db->reportExecuteStatementResult(5, SQLError::DATABASE_ERR, result);
m_error = SQLErrorData::create(SQLError::DATABASE_ERR, "could not execute statement", result, database->lastErrorMsg());
return false;
}
// FIXME: If the spec allows triggers, and we want to be "accurate" in a different way, we'd use
// sqlite3_total_changes() here instead of sqlite3_changed, because that includes rows modified from within a trigger
// For now, this seems sufficient
m_resultSet->setRowsAffected(database->lastChanges());
db->reportExecuteStatementResult(0, -1, 0); // OK
return true;
}
PassRefPtrWillBeRawPtr<SQLResultSet> SQLStatementSync::execute(DatabaseSync* db, ExceptionState& exceptionState)
{
db->setAuthorizerPermissions(m_permissions);
SQLiteDatabase* database = &db->sqliteDatabase();
SQLiteStatement statement(*database, m_statement);
int result = statement.prepare();
if (result != SQLResultOk) {
if (result == SQLResultInterrupt)
exceptionState.throwDOMException(SQLDatabaseError, "Connection to the database interrupted.");
else
exceptionState.throwDOMException(SyntaxError, "Could not prepare statement.");
db->setLastErrorMessage("could not prepare statement", result, database->lastErrorMsg());
return nullptr;
}
if (statement.bindParameterCount() != m_arguments.size()) {
if (db->isInterrupted())
exceptionState.throwDOMException(SQLDatabaseError, "Connection to the database interrupted.");
else
exceptionState.throwDOMException(SyntaxError, "Number of '?'s in statement string (" + String::number(statement.bindParameterCount()) + ") does not match the arguments provided (" + String::number(m_arguments.size()) + ").");
db->setLastErrorMessage("number of '?'s in statement string does not match argument count");
return nullptr;
}
for (unsigned i = 0; i < m_arguments.size(); ++i) {
result = statement.bindValue(i + 1, m_arguments[i]);
if (result == SQLResultFull) {
exceptionState.throwDOMException(QuotaExceededError, SQLError::quotaExceededErrorMessage);
db->setLastErrorMessage("there was not enough remaining storage space");
return nullptr;
}
if (result != SQLResultOk) {
exceptionState.throwDOMException(SQLDatabaseError, "Could not bind value.");
db->setLastErrorMessage("could not bind value", result, database->lastErrorMsg());
return nullptr;
}
}
RefPtrWillBeRawPtr<SQLResultSet> resultSet = SQLResultSet::create();
// Step so we can fetch the column names.
result = statement.step();
if (result == SQLResultRow) {
int columnCount = statement.columnCount();
SQLResultSetRowList* rows = resultSet->rows();
for (int i = 0; i < columnCount; i++)
rows->addColumn(statement.getColumnName(i));
do {
for (int i = 0; i < columnCount; i++)
rows->addResult(statement.getColumnValue(i));
result = statement.step();
} while (result == SQLResultRow);
if (result != SQLResultDone) {
exceptionState.throwDOMException(SQLDatabaseError, "Could not iterate results.");
db->setLastErrorMessage("could not iterate results", result, database->lastErrorMsg());
return nullptr;
}
} else if (result == SQLResultDone) {
// Didn't find anything, or was an insert.
if (db->lastActionWasInsert())
resultSet->setInsertId(database->lastInsertRowID());
} else if (result == SQLResultFull) {
// Quota error, the delegate will be asked for more space and this statement might be re-run.
exceptionState.throwDOMException(QuotaExceededError, SQLError::quotaExceededErrorMessage);
db->setLastErrorMessage("there was not enough remaining storage space");
return nullptr;
} else if (result == SQLResultConstraint) {
exceptionState.throwDOMException(ConstraintError, "A constraint was violated.");
db->setLastErrorMessage("statement failed due to a constraint failure");
return nullptr;
} else {
exceptionState.throwDOMException(SQLDatabaseError, "Could not execute statement.");
db->setLastErrorMessage("could not execute statement", result, database->lastErrorMsg());
return nullptr;
}
resultSet->setRowsAffected(database->lastChanges());
return resultSet.release();
}
PassRefPtr<SQLResultSet> SQLStatementSync::execute(DatabaseSync* db, ExceptionCode& ec)
{
db->setAuthorizerPermissions(m_permissions);
SQLiteDatabase* database = &db->sqliteDatabase();
SQLiteStatement statement(*database, m_statement);
int result = statement.prepare();
if (result != SQLResultOk) {
ec = (result == SQLResultInterrupt ? SQLException::DATABASE_ERR : SQLException::SYNTAX_ERR);
db->setLastErrorMessage("could not prepare statement", result, database->lastErrorMsg());
return 0;
}
if (statement.bindParameterCount() != m_arguments.size()) {
ec = (db->isInterrupted()? SQLException::DATABASE_ERR : SQLException::SYNTAX_ERR);
db->setLastErrorMessage("number of '?'s in statement string does not match argument count");
return 0;
}
for (unsigned i = 0; i < m_arguments.size(); ++i) {
result = statement.bindValue(i + 1, m_arguments[i]);
if (result == SQLResultFull) {
ec = SQLException::QUOTA_ERR;
db->setLastErrorMessage("there was not enough remaining storage space");
return 0;
}
if (result != SQLResultOk) {
ec = SQLException::DATABASE_ERR;
db->setLastErrorMessage("could not bind value", result, database->lastErrorMsg());
return 0;
}
}
RefPtr<SQLResultSet> resultSet = SQLResultSet::create();
// Step so we can fetch the column names.
result = statement.step();
if (result == SQLResultRow) {
int columnCount = statement.columnCount();
SQLResultSetRowList* rows = resultSet->rows();
for (int i = 0; i < columnCount; i++)
rows->addColumn(statement.getColumnName(i));
do {
for (int i = 0; i < columnCount; i++)
rows->addResult(statement.getColumnValue(i));
result = statement.step();
} while (result == SQLResultRow);
if (result != SQLResultDone) {
ec = SQLException::DATABASE_ERR;
db->setLastErrorMessage("could not iterate results", result, database->lastErrorMsg());
return 0;
}
} else if (result == SQLResultDone) {
// Didn't find anything, or was an insert.
if (db->lastActionWasInsert())
resultSet->setInsertId(database->lastInsertRowID());
} else if (result == SQLResultFull) {
// Quota error, the delegate will be asked for more space and this statement might be re-run.
ec = SQLException::QUOTA_ERR;
db->setLastErrorMessage("there was not enough remaining storage space");
return 0;
} else if (result == SQLResultConstraint) {
ec = SQLException::CONSTRAINT_ERR;
db->setLastErrorMessage("statement failed due to a constraint failure");
return 0;
} else {
ec = SQLException::DATABASE_ERR;
db->setLastErrorMessage("could not execute statement", result, database->lastErrorMsg());
return 0;
}
resultSet->setRowsAffected(database->lastChanges());
return resultSet.release();
}