1 /* statement.c - the statement type
2 *
3 * Copyright (C) 2005-2010 Gerhard Häring <gh@ghaering.de>
4 *
5 * This file is part of pysqlite.
6 *
7 * This software is provided 'as-is', without any express or implied
8 * warranty. In no event will the authors be held liable for any damages
9 * arising from the use of this software.
10 *
11 * Permission is granted to anyone to use this software for any purpose,
12 * including commercial applications, and to alter it and redistribute it
13 * freely, subject to the following restrictions:
14 *
15 * 1. The origin of this software must not be misrepresented; you must not
16 * claim that you wrote the original software. If you use this software
17 * in a product, an acknowledgment in the product documentation would be
18 * appreciated but is not required.
19 * 2. Altered source versions must be plainly marked as such, and must not be
20 * misrepresented as being the original software.
21 * 3. This notice may not be removed or altered from any source distribution.
22 */
23
24 #include "statement.h"
25 #include "cursor.h"
26 #include "connection.h"
27 #include "microprotocols.h"
28 #include "prepare_protocol.h"
29 #include "util.h"
30
31 /* prototypes */
32 static int pysqlite_check_remaining_sql(const char* tail);
33
34 typedef enum {
35 LINECOMMENT_1,
36 IN_LINECOMMENT,
37 COMMENTSTART_1,
38 IN_COMMENT,
39 COMMENTEND_1,
40 NORMAL
41 } parse_remaining_sql_state;
42
43 typedef enum {
44 TYPE_LONG,
45 TYPE_FLOAT,
46 TYPE_UNICODE,
47 TYPE_BUFFER,
48 TYPE_UNKNOWN
49 } parameter_type;
50
pysqlite_statement_create(pysqlite_Statement * self,pysqlite_Connection * connection,PyObject * sql)51 int pysqlite_statement_create(pysqlite_Statement* self, pysqlite_Connection* connection, PyObject* sql)
52 {
53 const char* tail;
54 int rc;
55 const char* sql_cstr;
56 Py_ssize_t sql_cstr_len;
57 const char* p;
58
59 self->st = NULL;
60 self->in_use = 0;
61
62 assert(PyUnicode_Check(sql));
63
64 sql_cstr = PyUnicode_AsUTF8AndSize(sql, &sql_cstr_len);
65 if (sql_cstr == NULL) {
66 rc = PYSQLITE_SQL_WRONG_TYPE;
67 return rc;
68 }
69 if (strlen(sql_cstr) != (size_t)sql_cstr_len) {
70 PyErr_SetString(PyExc_ValueError, "the query contains a null character");
71 return PYSQLITE_SQL_WRONG_TYPE;
72 }
73
74 self->in_weakreflist = NULL;
75 Py_INCREF(sql);
76 self->sql = sql;
77
78 /* Determine if the statement is a DML statement.
79 SELECT is the only exception. See #9924. */
80 self->is_dml = 0;
81 for (p = sql_cstr; *p != 0; p++) {
82 switch (*p) {
83 case ' ':
84 case '\r':
85 case '\n':
86 case '\t':
87 continue;
88 }
89
90 self->is_dml = (PyOS_strnicmp(p, "insert", 6) == 0)
91 || (PyOS_strnicmp(p, "update", 6) == 0)
92 || (PyOS_strnicmp(p, "delete", 6) == 0)
93 || (PyOS_strnicmp(p, "replace", 7) == 0);
94 break;
95 }
96
97 Py_BEGIN_ALLOW_THREADS
98 rc = sqlite3_prepare_v2(connection->db,
99 sql_cstr,
100 -1,
101 &self->st,
102 &tail);
103 Py_END_ALLOW_THREADS
104
105 self->db = connection->db;
106
107 if (rc == SQLITE_OK && pysqlite_check_remaining_sql(tail)) {
108 (void)sqlite3_finalize(self->st);
109 self->st = NULL;
110 rc = PYSQLITE_TOO_MUCH_SQL;
111 }
112
113 return rc;
114 }
115
pysqlite_statement_bind_parameter(pysqlite_Statement * self,int pos,PyObject * parameter)116 int pysqlite_statement_bind_parameter(pysqlite_Statement* self, int pos, PyObject* parameter)
117 {
118 int rc = SQLITE_OK;
119 const char *string;
120 Py_ssize_t buflen;
121 parameter_type paramtype;
122
123 if (parameter == Py_None) {
124 rc = sqlite3_bind_null(self->st, pos);
125 goto final;
126 }
127
128 if (PyLong_CheckExact(parameter)) {
129 paramtype = TYPE_LONG;
130 } else if (PyFloat_CheckExact(parameter)) {
131 paramtype = TYPE_FLOAT;
132 } else if (PyUnicode_CheckExact(parameter)) {
133 paramtype = TYPE_UNICODE;
134 } else if (PyLong_Check(parameter)) {
135 paramtype = TYPE_LONG;
136 } else if (PyFloat_Check(parameter)) {
137 paramtype = TYPE_FLOAT;
138 } else if (PyUnicode_Check(parameter)) {
139 paramtype = TYPE_UNICODE;
140 } else if (PyObject_CheckBuffer(parameter)) {
141 paramtype = TYPE_BUFFER;
142 } else {
143 paramtype = TYPE_UNKNOWN;
144 }
145
146 switch (paramtype) {
147 case TYPE_LONG: {
148 sqlite_int64 value = _pysqlite_long_as_int64(parameter);
149 if (value == -1 && PyErr_Occurred())
150 rc = -1;
151 else
152 rc = sqlite3_bind_int64(self->st, pos, value);
153 break;
154 }
155 case TYPE_FLOAT:
156 rc = sqlite3_bind_double(self->st, pos, PyFloat_AsDouble(parameter));
157 break;
158 case TYPE_UNICODE:
159 string = PyUnicode_AsUTF8AndSize(parameter, &buflen);
160 if (string == NULL)
161 return -1;
162 if (buflen > INT_MAX) {
163 PyErr_SetString(PyExc_OverflowError,
164 "string longer than INT_MAX bytes");
165 return -1;
166 }
167 rc = sqlite3_bind_text(self->st, pos, string, (int)buflen, SQLITE_TRANSIENT);
168 break;
169 case TYPE_BUFFER: {
170 Py_buffer view;
171 if (PyObject_GetBuffer(parameter, &view, PyBUF_SIMPLE) != 0) {
172 PyErr_SetString(PyExc_ValueError, "could not convert BLOB to buffer");
173 return -1;
174 }
175 if (view.len > INT_MAX) {
176 PyErr_SetString(PyExc_OverflowError,
177 "BLOB longer than INT_MAX bytes");
178 PyBuffer_Release(&view);
179 return -1;
180 }
181 rc = sqlite3_bind_blob(self->st, pos, view.buf, (int)view.len, SQLITE_TRANSIENT);
182 PyBuffer_Release(&view);
183 break;
184 }
185 case TYPE_UNKNOWN:
186 rc = -1;
187 }
188
189 final:
190 return rc;
191 }
192
193 /* returns 0 if the object is one of Python's internal ones that don't need to be adapted */
_need_adapt(PyObject * obj)194 static int _need_adapt(PyObject* obj)
195 {
196 if (pysqlite_BaseTypeAdapted) {
197 return 1;
198 }
199
200 if (PyLong_CheckExact(obj) || PyFloat_CheckExact(obj)
201 || PyUnicode_CheckExact(obj) || PyByteArray_CheckExact(obj)) {
202 return 0;
203 } else {
204 return 1;
205 }
206 }
207
pysqlite_statement_bind_parameters(pysqlite_Statement * self,PyObject * parameters)208 void pysqlite_statement_bind_parameters(pysqlite_Statement* self, PyObject* parameters)
209 {
210 PyObject* current_param;
211 PyObject* adapted;
212 const char* binding_name;
213 int i;
214 int rc;
215 int num_params_needed;
216 Py_ssize_t num_params;
217
218 Py_BEGIN_ALLOW_THREADS
219 num_params_needed = sqlite3_bind_parameter_count(self->st);
220 Py_END_ALLOW_THREADS
221
222 if (PyTuple_CheckExact(parameters) || PyList_CheckExact(parameters) || (!PyDict_Check(parameters) && PySequence_Check(parameters))) {
223 /* parameters passed as sequence */
224 if (PyTuple_CheckExact(parameters)) {
225 num_params = PyTuple_GET_SIZE(parameters);
226 } else if (PyList_CheckExact(parameters)) {
227 num_params = PyList_GET_SIZE(parameters);
228 } else {
229 num_params = PySequence_Size(parameters);
230 if (num_params == -1) {
231 return;
232 }
233 }
234 if (num_params != num_params_needed) {
235 PyErr_Format(pysqlite_ProgrammingError,
236 "Incorrect number of bindings supplied. The current "
237 "statement uses %d, and there are %zd supplied.",
238 num_params_needed, num_params);
239 return;
240 }
241 for (i = 0; i < num_params; i++) {
242 if (PyTuple_CheckExact(parameters)) {
243 current_param = PyTuple_GET_ITEM(parameters, i);
244 Py_INCREF(current_param);
245 } else if (PyList_CheckExact(parameters)) {
246 current_param = PyList_GetItem(parameters, i);
247 Py_XINCREF(current_param);
248 } else {
249 current_param = PySequence_GetItem(parameters, i);
250 }
251 if (!current_param) {
252 return;
253 }
254
255 if (!_need_adapt(current_param)) {
256 adapted = current_param;
257 } else {
258 adapted = pysqlite_microprotocols_adapt(current_param, (PyObject*)&pysqlite_PrepareProtocolType, current_param);
259 Py_DECREF(current_param);
260 if (!adapted) {
261 return;
262 }
263 }
264
265 rc = pysqlite_statement_bind_parameter(self, i + 1, adapted);
266 Py_DECREF(adapted);
267
268 if (rc != SQLITE_OK) {
269 if (!PyErr_Occurred()) {
270 PyErr_Format(pysqlite_InterfaceError, "Error binding parameter %d - probably unsupported type.", i);
271 }
272 return;
273 }
274 }
275 } else if (PyDict_Check(parameters)) {
276 /* parameters passed as dictionary */
277 for (i = 1; i <= num_params_needed; i++) {
278 PyObject *binding_name_obj;
279 Py_BEGIN_ALLOW_THREADS
280 binding_name = sqlite3_bind_parameter_name(self->st, i);
281 Py_END_ALLOW_THREADS
282 if (!binding_name) {
283 PyErr_Format(pysqlite_ProgrammingError, "Binding %d has no name, but you supplied a dictionary (which has only names).", i);
284 return;
285 }
286
287 binding_name++; /* skip first char (the colon) */
288 binding_name_obj = PyUnicode_FromString(binding_name);
289 if (!binding_name_obj) {
290 return;
291 }
292 if (PyDict_CheckExact(parameters)) {
293 current_param = PyDict_GetItemWithError(parameters, binding_name_obj);
294 Py_XINCREF(current_param);
295 } else {
296 current_param = PyObject_GetItem(parameters, binding_name_obj);
297 }
298 Py_DECREF(binding_name_obj);
299 if (!current_param) {
300 if (!PyErr_Occurred() || PyErr_ExceptionMatches(PyExc_LookupError)) {
301 PyErr_Format(pysqlite_ProgrammingError, "You did not supply a value for binding %d.", i);
302 }
303 return;
304 }
305
306 if (!_need_adapt(current_param)) {
307 adapted = current_param;
308 } else {
309 adapted = pysqlite_microprotocols_adapt(current_param, (PyObject*)&pysqlite_PrepareProtocolType, current_param);
310 Py_DECREF(current_param);
311 if (!adapted) {
312 return;
313 }
314 }
315
316 rc = pysqlite_statement_bind_parameter(self, i, adapted);
317 Py_DECREF(adapted);
318
319 if (rc != SQLITE_OK) {
320 if (!PyErr_Occurred()) {
321 PyErr_Format(pysqlite_InterfaceError, "Error binding parameter :%s - probably unsupported type.", binding_name);
322 }
323 return;
324 }
325 }
326 } else {
327 PyErr_SetString(PyExc_ValueError, "parameters are of unsupported type");
328 }
329 }
330
pysqlite_statement_finalize(pysqlite_Statement * self)331 int pysqlite_statement_finalize(pysqlite_Statement* self)
332 {
333 int rc;
334
335 rc = SQLITE_OK;
336 if (self->st) {
337 Py_BEGIN_ALLOW_THREADS
338 rc = sqlite3_finalize(self->st);
339 Py_END_ALLOW_THREADS
340 self->st = NULL;
341 }
342
343 self->in_use = 0;
344
345 return rc;
346 }
347
pysqlite_statement_reset(pysqlite_Statement * self)348 int pysqlite_statement_reset(pysqlite_Statement* self)
349 {
350 int rc;
351
352 rc = SQLITE_OK;
353
354 if (self->in_use && self->st) {
355 Py_BEGIN_ALLOW_THREADS
356 rc = sqlite3_reset(self->st);
357 Py_END_ALLOW_THREADS
358
359 if (rc == SQLITE_OK) {
360 self->in_use = 0;
361 }
362 }
363
364 return rc;
365 }
366
pysqlite_statement_mark_dirty(pysqlite_Statement * self)367 void pysqlite_statement_mark_dirty(pysqlite_Statement* self)
368 {
369 self->in_use = 1;
370 }
371
pysqlite_statement_dealloc(pysqlite_Statement * self)372 void pysqlite_statement_dealloc(pysqlite_Statement* self)
373 {
374 if (self->st) {
375 Py_BEGIN_ALLOW_THREADS
376 sqlite3_finalize(self->st);
377 Py_END_ALLOW_THREADS
378 }
379
380 self->st = NULL;
381
382 Py_XDECREF(self->sql);
383
384 if (self->in_weakreflist != NULL) {
385 PyObject_ClearWeakRefs((PyObject*)self);
386 }
387
388 Py_TYPE(self)->tp_free((PyObject*)self);
389 }
390
391 /*
392 * Checks if there is anything left in an SQL string after SQLite compiled it.
393 * This is used to check if somebody tried to execute more than one SQL command
394 * with one execute()/executemany() command, which the DB-API and we don't
395 * allow.
396 *
397 * Returns 1 if there is more left than should be. 0 if ok.
398 */
pysqlite_check_remaining_sql(const char * tail)399 static int pysqlite_check_remaining_sql(const char* tail)
400 {
401 const char* pos = tail;
402
403 parse_remaining_sql_state state = NORMAL;
404
405 for (;;) {
406 switch (*pos) {
407 case 0:
408 return 0;
409 case '-':
410 if (state == NORMAL) {
411 state = LINECOMMENT_1;
412 } else if (state == LINECOMMENT_1) {
413 state = IN_LINECOMMENT;
414 }
415 break;
416 case ' ':
417 case '\t':
418 break;
419 case '\n':
420 case 13:
421 if (state == IN_LINECOMMENT) {
422 state = NORMAL;
423 }
424 break;
425 case '/':
426 if (state == NORMAL) {
427 state = COMMENTSTART_1;
428 } else if (state == COMMENTEND_1) {
429 state = NORMAL;
430 } else if (state == COMMENTSTART_1) {
431 return 1;
432 }
433 break;
434 case '*':
435 if (state == NORMAL) {
436 return 1;
437 } else if (state == LINECOMMENT_1) {
438 return 1;
439 } else if (state == COMMENTSTART_1) {
440 state = IN_COMMENT;
441 } else if (state == IN_COMMENT) {
442 state = COMMENTEND_1;
443 }
444 break;
445 default:
446 if (state == COMMENTEND_1) {
447 state = IN_COMMENT;
448 } else if (state == IN_LINECOMMENT) {
449 } else if (state == IN_COMMENT) {
450 } else {
451 return 1;
452 }
453 }
454
455 pos++;
456 }
457
458 return 0;
459 }
460
461 PyTypeObject pysqlite_StatementType = {
462 PyVarObject_HEAD_INIT(NULL, 0)
463 MODULE_NAME ".Statement", /* tp_name */
464 sizeof(pysqlite_Statement), /* tp_basicsize */
465 0, /* tp_itemsize */
466 (destructor)pysqlite_statement_dealloc, /* tp_dealloc */
467 0, /* tp_vectorcall_offset */
468 0, /* tp_getattr */
469 0, /* tp_setattr */
470 0, /* tp_as_async */
471 0, /* tp_repr */
472 0, /* tp_as_number */
473 0, /* tp_as_sequence */
474 0, /* tp_as_mapping */
475 0, /* tp_hash */
476 0, /* tp_call */
477 0, /* tp_str */
478 0, /* tp_getattro */
479 0, /* tp_setattro */
480 0, /* tp_as_buffer */
481 Py_TPFLAGS_DEFAULT, /* tp_flags */
482 0, /* tp_doc */
483 0, /* tp_traverse */
484 0, /* tp_clear */
485 0, /* tp_richcompare */
486 offsetof(pysqlite_Statement, in_weakreflist), /* tp_weaklistoffset */
487 0, /* tp_iter */
488 0, /* tp_iternext */
489 0, /* tp_methods */
490 0, /* tp_members */
491 0, /* tp_getset */
492 0, /* tp_base */
493 0, /* tp_dict */
494 0, /* tp_descr_get */
495 0, /* tp_descr_set */
496 0, /* tp_dictoffset */
497 (initproc)0, /* tp_init */
498 0, /* tp_alloc */
499 0, /* tp_new */
500 0 /* tp_free */
501 };
502
pysqlite_statement_setup_types(void)503 extern int pysqlite_statement_setup_types(void)
504 {
505 pysqlite_StatementType.tp_new = PyType_GenericNew;
506 return PyType_Ready(&pysqlite_StatementType);
507 }
508