You are not logged in.
- Topics: Active | Unanswered
Pages: 1
#1 2012-02-06 12:51:34
TSQLRequest.PrepareNext
Dear administrator
I think I found a bug in the "TSQLRequest.PrepareNext"
I think the right way is:
function TSQLRequest.PrepareNext: integer;
begin
if (Request=0) or (fNextSQL^=#0) then
result := SQLITE_DONE else begin
Close; // free previous statement
result := sqlite3_prepare_v2(RequestDB, fNextSQL, -1, fRequest, fNextSQL);
while (result=SQLITE_OK) and (Request=0) and (fNextSQL^<>#0) do // comment or white-space
result := sqlite3_prepare_v2(RequestDB, fNextSQL, -1, fRequest, fNextSQL);
fFieldCount := sqlite3_column_count(fRequest);
sqlite3_check(RequestDB,result); //This function should do the checking before changing the value of result
//To be generated an exception if there is any error in the script
if Request=0 then
result := SQLITE_DONE; // nothing more to add
end;
end;My code that throws an exception correctly.
I would like you to tell me if I'm doing right this way
...
s := TStringList.Create;
s.Add('BEGIN;');
s.Add('INSERT INTO XXX(nome) VALUES("TEST1");');
s.Add('INSERT ERR XXX(nome) VALUES("TEST2");'); // <<<ERROR
s.Add('INSERT INTO XXX(nome) VALUES("TEST3");');
s.Add('COMMIT;');
try
r.ExecuteAll(db.DB, s.Text);
except
on E : Exception do begin
r.Execute(db.DB, 'rollback;') ;
ShowMessage( E.Message);
end;
end;
r.Close;
s.Free;
end;Offline
#2 2012-02-07 06:12:47
Re: TSQLRequest.PrepareNext
You're right.
I think that the check should have been made before changing the result value, of course.
I've commited a fix in the source code repository.
See http://synopse.info/fossil/info/6db4d62ac0
This won't affect the framework, which does not use PrepareNext method, for security reasons (executing multiple statements is an open door to SQL injection - so mORMot only generates and execute single SQL statements, which, by the way, are not slower).
Offline
Pages: 1