Exemple #1
        /// <summary>
        /// Builds a <c>ClassInsert</c> from the text of an INSERT statement.
        /// Two statement shapes are tried, described by <c>Constants.regExInsert</c>
        /// (table + values) and <c>Constants.regExInsert2</c> (table + attributes + values).
        /// </summary>
        /// <param name="pQuery">Raw statement text to match against both patterns.</param>
        /// <returns>
        /// The populated <c>ClassInsert</c>, or <c>null</c> when neither pattern matches.
        /// </returns>
        public ClassInsert ManageInsert(String pQuery)
        {
            // Both patterns are evaluated up front; the first form takes precedence when both match.
            Match valuesOnly      = Regex.Match(pQuery, Constants.regExInsert);
            Match withAttributes  = Regex.Match(pQuery, Constants.regExInsert2);

            // NOTE(review): the captured lists are split on every ',' and the pieces are not
            // trimmed, so a comma inside a quoted literal ends up splitting that value.
            // Confirm that ClassInsert (or the patterns themselves) account for this.
            if (valuesOnly.Success)
            {
                GroupCollection parts = valuesOnly.Groups;

                // Group 1 = table name, group 2 = comma-separated values; no attribute list.
                return new ClassInsert(parts[1].Value, parts[2].Value.Split(','), null);
            }

            if (!withAttributes.Success)
            {
                return null;
            }

            // Group 1 = table name, group 2 = attribute list, group 3 = value list.
            GroupCollection captured   = withAttributes.Groups;
            string          tableName  = captured[1].Value;
            string[]        attributes = captured[2].Value.Split(',');
            string[]        valueList  = captured[3].Value.Split(',');

            return new ClassInsert(tableName, valueList, attributes);
        }
Exemple #2
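        /// <summary>
        /// Parses one statement, checks that the current user of <paramref name="pDB"/> may run it,
        /// executes it against <paramref name="dbname"/> and returns its textual result.
        /// </summary>
        /// <param name="psentencia">Raw statement text.</param>
        /// <param name="dbname">Database name handed to the parsed query's <c>Run</c>.</param>
        /// <param name="pDB">Source of the current user name and of that user's table privileges.</param>
        /// <returns>
        /// The query result on success; <c>Constants.SecurityNotSufficientPrivileges</c> when the user
        /// lacks the privilege for the target table (or the statement kind is not select, delete,
        /// insert or update); "ERROR: Table does not exist" or "Your query is not valid" on failure.
        /// </returns>
        public string Query(string psentencia, string dbname, Database pDB)
        {
            const string invalidQuery = "Your query is not valid";

            try
            {
                Query query = Parse(psentencia);
                if (query == null)
                {
                    // Previously surfaced as a caught NullReferenceException with the same message.
                    return(invalidQuery);
                }

                string a = query.getClass();

                // NOTE(review): unrestricted access hinges only on the user name being "admin";
                // confirm that getUser() reflects an authenticated identity.
                if (pDB.getUser() == "admin")
                {
                    query.Run(dbname);
                    return(query.getResult());
                }

                if (a == null)
                {
                    return(invalidQuery);
                }

                // Each statement kind maps to the pattern that locates its target table
                // and to the privilege the user must hold on that table.
                string tablePattern;
                string requiredPrivilege;
                switch (a)
                {
                    case "select":
                        tablePattern      = @"SELECT\s+.+\s+FROM\s+(\w+)";
                        requiredPrivilege = "SELECT";
                        break;

                    case "delete":
                        tablePattern      = @"DELETE\s+FROM\s+(\w+)";
                        requiredPrivilege = "DELETE";
                        break;

                    case "insert":
                        tablePattern      = @"INSERT\s+INTO\s+(\w+)";
                        requiredPrivilege = "INSERT";
                        break;

                    case "update":
                        tablePattern      = @"UPDATE\s+(\w+)";
                        requiredPrivilege = "UPDATE";
                        break;

                    default:
                        // Any other statement kind is denied for non-admin users.
                        return(Constants.SecurityNotSufficientPrivileges);
                }

                // NOTE(review): the table name being authorized is taken from the raw text by an
                // unanchored, case-sensitive regex, independently of Parse(). If the two disagree
                // about which table the statement targets, the privilege check covers a different
                // table than the one Run() touches. Prefer reading the table from the parsed query.
                string table = Regex.Match(psentencia, tablePattern).Groups[1].Value;

                List <TablePrivileges> userprivileges = pDB.GetTablePrivileges();
                foreach (TablePrivileges tableprv in userprivileges)
                {
                    if (tableprv.getTableName() != table)
                    {
                        continue;
                    }

                    // The first entry for the table decides.
                    // NOTE(review): if getTablePrivileges() returns a string rather than a
                    // collection, Contains is a substring test; confirm the stored format.
                    if (!tableprv.getTablePrivileges().Contains(requiredPrivilege))
                    {
                        return(Constants.SecurityNotSufficientPrivileges);
                    }

                    query.Run(dbname);

                    // The casts are kept so the same getResult() is invoked as before
                    // and a mismatched query type still ends up in the catch block.
                    switch (a)
                    {
                        case "select":
                            return(((ClassSelect)query).getResult());

                        case "delete":
                            return(((ClassDelete)query).getResult());

                        case "insert":
                            return(((ClassInsert)query).getResult());

                        case "update":
                            return(((ClassUpdate)query).getResult());

                        default:
                            // Not reachable: the first switch already returned for other kinds.
                            return(query.getResult());
                    }
                }

                // No privilege entry exists for the target table.
                return(Constants.SecurityNotSufficientPrivileges);
            }
            catch (Exception e)
            {
                // A missing table presumably shows up as a missing file. Detect it by exception
                // type, so the result no longer depends on the runtime's UI language.
                for (Exception current = e; current != null; current = current.InnerException)
                {
                    if (current is System.IO.FileNotFoundException)
                    {
                        return("ERROR: Table does not exist");
                    }
                }

                // Fallback kept from the original: the Spanish-locale message text.
                if (e.ToString().Contains("No se pudo encontrar el archivo"))
                {
                    return("ERROR: Table does not exist");
                }

                return(invalidQuery);
            }
        }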