2 * Copyright (C) 2007 Apple Inc. All rights reserved.
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of
14 * its contributors may be used to endorse or promote products derived
15 * from this software without specific prior written permission.
17 * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
18 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
19 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
20 * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
21 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
22 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
23 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
24 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
25 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
26 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29 #include "SQLStatement.h"
36 #include "SQLiteDatabase.h"
37 #include "SQLiteStatement.h"
38 #include "SQLStatementCallback.h"
39 #include "SQLStatementErrorCallback.h"
40 #include "SQLTransaction.h"
42 #include <wtf/text/CString.h>
46 PassRefPtr<SQLStatement> SQLStatement::create(Database* database, const String& statement, const Vector<SQLValue>& arguments, PassRefPtr<SQLStatementCallback> callback, PassRefPtr<SQLStatementErrorCallback> errorCallback, int permissions)
48 return adoptRef(new SQLStatement(database, statement, arguments, callback, errorCallback, permissions));
51 SQLStatement::SQLStatement(Database* database, const String& statement, const Vector<SQLValue>& arguments, PassRefPtr<SQLStatementCallback> callback, PassRefPtr<SQLStatementErrorCallback> errorCallback, int permissions)
52 : m_statement(statement.crossThreadString())
53 , m_arguments(arguments)
54 , m_statementCallbackWrapper(callback, database->scriptExecutionContext())
55 , m_statementErrorCallbackWrapper(errorCallback, database->scriptExecutionContext())
56 , m_permissions(permissions)
60 bool SQLStatement::execute(Database* db)
64 // If we're re-running this statement after a quota violation, we need to clear that error now
65 clearFailureDueToQuota();
67 // This transaction might have been marked bad while it was being set up on the main thread,
68 // so if there is still an error, return false.
72 db->setAuthorizerPermissions(m_permissions);
74 SQLiteDatabase* database = &db->sqliteDatabase();
76 SQLiteStatement statement(*database, m_statement);
77 int result = statement.prepare();
79 if (result != SQLResultOk) {
80 LOG(StorageAPI, "Unable to verify correctness of statement %s - error %i (%s)", m_statement.ascii().data(), result, database->lastErrorMsg());
81 m_error = SQLError::create(result == SQLResultInterrupt ? SQLError::DATABASE_ERR : SQLError::SYNTAX_ERR, database->lastErrorMsg());
85 // FIXME: If the statement uses the ?### syntax supported by sqlite, the bind parameter count is very likely off from the number of question marks.
86 // If this is the case, they might be trying to do something fishy or malicious
87 if (statement.bindParameterCount() != m_arguments.size()) {
88 LOG(StorageAPI, "Bind parameter count doesn't match number of question marks");
89 m_error = SQLError::create(db->isInterrupted() ? SQLError::DATABASE_ERR : SQLError::SYNTAX_ERR, "number of '?'s in statement string does not match argument count");
93 for (unsigned i = 0; i < m_arguments.size(); ++i) {
94 result = statement.bindValue(i + 1, m_arguments[i]);
95 if (result == SQLResultFull) {
96 setFailureDueToQuota();
100 if (result != SQLResultOk) {
101 LOG(StorageAPI, "Failed to bind value index %i to statement for query '%s'", i + 1, m_statement.ascii().data());
102 m_error = SQLError::create(SQLError::DATABASE_ERR, database->lastErrorMsg());
107 RefPtr<SQLResultSet> resultSet = SQLResultSet::create();
109 // Step so we can fetch the column names.
110 result = statement.step();
111 if (result == SQLResultRow) {
112 int columnCount = statement.columnCount();
113 SQLResultSetRowList* rows = resultSet->rows();
115 for (int i = 0; i < columnCount; i++)
116 rows->addColumn(statement.getColumnName(i));
119 for (int i = 0; i < columnCount; i++)
120 rows->addResult(statement.getColumnValue(i));
122 result = statement.step();
123 } while (result == SQLResultRow);
125 if (result != SQLResultDone) {
126 m_error = SQLError::create(SQLError::DATABASE_ERR, database->lastErrorMsg());
129 } else if (result == SQLResultDone) {
130 // Didn't find anything, or was an insert
131 if (db->lastActionWasInsert())
132 resultSet->setInsertId(database->lastInsertRowID());
133 } else if (result == SQLResultFull) {
134 // Return the Quota error - the delegate will be asked for more space and this statement might be re-run
135 setFailureDueToQuota();
138 m_error = SQLError::create(SQLError::DATABASE_ERR, database->lastErrorMsg());
142 // FIXME: If the spec allows triggers, and we want to be "accurate" in a different way, we'd use
143 // sqlite3_total_changes() here instead of sqlite3_changed, because that includes rows modified from within a trigger
144 // For now, this seems sufficient
145 resultSet->setRowsAffected(database->lastChanges());
147 m_resultSet = resultSet;
151 void SQLStatement::setDatabaseDeletedError()
153 ASSERT(!m_error && !m_resultSet);
154 m_error = SQLError::create(SQLError::UNKNOWN_ERR, "unable to execute statement, because the user deleted the database");
157 void SQLStatement::setVersionMismatchedError()
159 ASSERT(!m_error && !m_resultSet);
160 m_error = SQLError::create(SQLError::VERSION_ERR, "current version of the database and `oldVersion` argument do not match");
163 bool SQLStatement::performCallback(SQLTransaction* transaction)
167 bool callbackError = false;
169 RefPtr<SQLStatementCallback> callback = m_statementCallbackWrapper.unwrap();
170 RefPtr<SQLStatementErrorCallback> errorCallback = m_statementErrorCallbackWrapper.unwrap();
172 // Call the appropriate statement callback and track if it resulted in an error,
173 // because then we need to jump to the transaction error callback.
175 ASSERT(errorCallback);
176 callbackError = errorCallback->handleEvent(transaction, m_error.get());
178 callbackError = !callback->handleEvent(transaction, m_resultSet.get());
180 return callbackError;
183 void SQLStatement::setFailureDueToQuota()
185 ASSERT(!m_error && !m_resultSet);
186 m_error = SQLError::create(SQLError::QUOTA_ERR, "there was not enough remaining storage space, or the storage quota was reached and the user declined to allow more space");
189 void SQLStatement::clearFailureDueToQuota()
191 if (lastExecutionFailedDueToQuota())
195 bool SQLStatement::lastExecutionFailedDueToQuota() const
197 return m_error && m_error->code() == SQLError::QUOTA_ERR;
200 } // namespace WebCore
202 #endif // ENABLE(DATABASE)