Fixed sql injection bug using sqlite prepared statements.

added more doc detail to contentvalue (put takes private copy of data). binds to content pointers take private copy of content. git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@6320 b45a01b8-16f6-495d-af2f-9b41ad6348cc
2025-07-25 15:35:49 -04:00 · 2013-04-20 13:39:02 +00:00 · 2013-04-20 13:39:02 +00:00 · c5c559ffe1
commit c5c559ffe1
parent 533d1f429a
7 changed files with 372 additions and 180 deletions
--- a/libretroshare/src/util/retrodb.h
+++ b/libretroshare/src/util/retrodb.h
@ -30,9 +30,12 @@
 #include <set>
 #include <list>
 #include <map>
+#include "rsdbbind.h"

 #include "contentvalue.h"

+
+
 class RetroCursor;

 /*!
@ -141,6 +144,22 @@ public:
     */
    void vacuum();

+
+    /*!
+     * Build the "VALUE" part of an insertiong sql query
+     * @param parameter contains place holder query
+     * @param paramBindings
+     */
+    void buildInsertQueryValue(const std::map<std::string, uint8_t> keyMap, const ContentValue& cv,
+    		std::string& parameter, std::list<RetroBind*>& paramBindings);
+
+    /*!
+     * Build the "VALUE" part of an insertiong sql query
+     * @param parameter contains place holder query
+     * @param paramBindings
+     */
+    void buildUpdateQueryValue(const std::map<std::string, uint8_t> keyMap, const ContentValue& cv,
+    		std::string& parameter, std::list<RetroBind*>& paramBindings);
 public:

    static const int OPEN_READONLY;
@ -149,16 +168,7 @@ public:

 private:

-    class RetroDbBlob{
-
-    public:
-
-        char* data;
-        uint32_t length;
-        uint32_t index;
-    };
-
-    bool execSQL_bind_blobs(const std::string &query, std::list<RetroDbBlob>& blobs);
+    bool execSQL_bind(const std::string &query, std::list<RetroBind*>& blobs);

 private: