#1 2012-02-06 12:51:34

eraldo
Member
From: Brasil
Registered: 2010-07-22
Posts: 69

TSQLRequest.PrepareNext

Dear administrator

I think I found a bug in "TSQLRequest.PrepareNext".
I think the right way is:

function TSQLRequest.PrepareNext: integer;
begin
  if (Request=0) or (fNextSQL^=#0) then
    result := SQLITE_DONE else begin
    Close; // free previous statement
    result := sqlite3_prepare_v2(RequestDB, fNextSQL, -1, fRequest, fNextSQL);
    while (result=SQLITE_OK) and (Request=0) and (fNextSQL^<>#0) do // comment or white-space
      result := sqlite3_prepare_v2(RequestDB, fNextSQL, -1, fRequest, fNextSQL);
    fFieldCount := sqlite3_column_count(fRequest);
    sqlite3_check(RequestDB,result); // This function should do the check before the value of result is changed,
                                     // so that an exception is raised if there is any error in the script
    if Request=0 then
      result := SQLITE_DONE; // nothing more to add
  end;
end;

This is my code, which throws an exception correctly.
I would like you to tell me if I'm doing it right this way:

...
  s := TStringList.Create;
  s.Add('BEGIN;');
  s.Add('INSERT INTO XXX(nome) VALUES("TEST1");');
  s.Add('INSERT ERR XXX(nome) VALUES("TEST2");');  // <<<ERROR
  s.Add('INSERT INTO XXX(nome) VALUES("TEST3");');
  s.Add('COMMIT;');
  try
    r.ExecuteAll(db.DB, s.Text);
  except
    on E: Exception do begin
      r.Execute(db.DB, 'rollback;');
      ShowMessage(E.Message);
    end;
  end;
  r.Close;
  s.Free;
end;


#2 2012-02-07 06:12:47

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,660

Re: TSQLRequest.PrepareNext

You're right.
I think that the check should have been made before changing the result value, of course.

I've committed a fix in the source code repository.
See http://synopse.info/fossil/info/6db4d62ac0

This won't affect the framework, which does not use the PrepareNext method, for security reasons (executing multiple statements is an open door to SQL injection - so mORMot only generates and executes single SQL statements, which, by the way, are not slower).
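
What the single-statement policy described above buys, shown with Python's standard sqlite3 module rather than mORMot (an added example, not part of the thread or of the framework's code). The table name follows the first post; the helper names and the hostile input are constructed for illustration.

```python
import sqlite3

# Constructed hostile value: closes the string literal and appends a second statement.
HOSTILE = "TEST2'); DELETE FROM XXX; --"


def make_db():
    """In-memory database holding one row, in the table used in the first post."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE XXX(nome TEXT)")
    db.execute("INSERT INTO XXX(nome) VALUES ('TEST1')")
    db.commit()
    return db


def names(db):
    return [row[0] for row in db.execute("SELECT nome FROM XXX ORDER BY rowid")]


def insert_multi(db, nome):
    """Weak: concatenated text handed to a multi-statement API (like ExecuteAll)."""
    db.executescript("INSERT INTO XXX(nome) VALUES ('" + nome + "');")
    return names(db)


def insert_single(db, nome):
    """Hardened: exactly one statement, with the value bound as a parameter."""
    db.execute("INSERT INTO XXX(nome) VALUES (?)", (nome,))
    db.commit()
    return names(db)


def single_rejects_tail(db, nome):
    """Even with concatenation, a single-statement API refuses trailing SQL."""
    try:
        db.execute("INSERT INTO XXX(nome) VALUES ('" + nome + "');")
    except (sqlite3.Warning, sqlite3.Error):
        # sqlite3.Warning up to Python 3.11, sqlite3.ProgrammingError from 3.12.
        db.rollback()
        return True
    return False


if __name__ == "__main__":
    print("multi-statement, concatenated:", insert_multi(make_db(), HOSTILE))
    print("single statement, bound      :", insert_single(make_db(), HOSTILE))
    print("single statement rejects tail:", single_rejects_tail(make_db(), HOSTILE))
```

The multi-statement path ends with an empty table, while the bound single statement stores the hostile text as an ordinary value.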
