コード例 #1
0
        public ClassSelect ManageSelect(string pQuery)
        {
            ClassSelect query;
            Match       matchselect2 = Regex.Match(pQuery, Constants.regExSelect);

            if (matchselect2.Success)
            {
                string   columns      = matchselect2.Groups[1].Value;
                string   table        = matchselect2.Groups[2].Value;
                string   condition    = matchselect2.Groups[3].Value;
                string[] columnssplit = columns.Split(',');
                query = new ClassSelect(columnssplit, table, condition, pQuery);
                return(query);
            }
            else
            {
                Match matchselectV3 = Regex.Match(pQuery, Constants.regExSelect2);
                if (matchselectV3.Success)
                {
                    string   columns      = matchselectV3.Groups[1].Value;
                    string   table        = matchselectV3.Groups[2].Value;
                    string[] columnssplit = columns.Split(',');
                    query = new ClassSelect(columnssplit, table, "", pQuery);
                    return(query);
                }
            }
            return(null);
        }
コード例 #2
0
        public string Query(string psentencia, string dbname, Database pDB)
        {
            Boolean existTablePrivileges = false;

            try
            {
                Query  query = Parse(psentencia);
                string a     = query.getClass();
                if (pDB.getUser() == "admin")
                {
                    query.Run(dbname);
                    return(query.getResult());
                }
                else if (a.Equals("select"))
                {
                    Match  matchtableselect = Regex.Match(psentencia, @"SELECT\s+.+\s+FROM\s+(\w+)");
                    string table            = matchtableselect.Groups[1].Value;
                    List <TablePrivileges> userprivileges = pDB.GetTablePrivileges();
                    foreach (TablePrivileges tableprv in userprivileges)
                    {
                        if (tableprv.getTableName() == table)
                        {
                            if (tableprv.getTablePrivileges().Contains("SELECT"))
                            {
                                existTablePrivileges = true;
                                query.Run(dbname);
                                ClassSelect q2 = (ClassSelect)query;
                                return(q2.getResult());
                            }
                            else
                            {
                                return(Constants.SecurityNotSufficientPrivileges);
                            }
                        }
                    }
                }

                else if (a.Equals("delete"))
                {
                    Match  matchtableselect = Regex.Match(psentencia, @"DELETE\s+FROM\s+(\w+)");
                    string table            = matchtableselect.Groups[1].Value;
                    List <TablePrivileges> userprivileges = pDB.GetTablePrivileges();
                    foreach (TablePrivileges tableprv in userprivileges)
                    {
                        if (tableprv.getTableName() == table)
                        {
                            if (tableprv.getTablePrivileges().Contains("DELETE"))
                            {
                                existTablePrivileges = true;
                                query.Run(dbname);
                                ClassDelete q2 = (ClassDelete)query;
                                return(q2.getResult());
                            }
                            else
                            {
                                return(Constants.SecurityNotSufficientPrivileges);
                            }
                        }
                    }
                }

                else if (a.Equals("insert"))
                {
                    Match  matchtableselect = Regex.Match(psentencia, @"INSERT\s+INTO\s+(\w+)");
                    string table            = matchtableselect.Groups[1].Value;
                    List <TablePrivileges> userprivileges = pDB.GetTablePrivileges();
                    foreach (TablePrivileges tableprv in userprivileges)
                    {
                        if (tableprv.getTableName() == table)
                        {
                            if (tableprv.getTablePrivileges().Contains("INSERT"))
                            {
                                existTablePrivileges = true;
                                query.Run(dbname);
                                ClassInsert q2 = (ClassInsert)query;
                                return(q2.getResult());
                            }
                            else
                            {
                                return(Constants.SecurityNotSufficientPrivileges);
                            }
                        }
                    }
                }

                else if (a.Equals("update"))
                {
                    Match  matchtableselect = Regex.Match(psentencia, @"UPDATE\s+(\w+)");
                    string table            = matchtableselect.Groups[1].Value;
                    List <TablePrivileges> userprivileges = pDB.GetTablePrivileges();
                    foreach (TablePrivileges tableprv in userprivileges)
                    {
                        if (tableprv.getTableName() == table)
                        {
                            if (tableprv.getTablePrivileges().Contains("UPDATE"))
                            {
                                existTablePrivileges = true;
                                query.Run(dbname);
                                ClassUpdate q2 = (ClassUpdate)query;
                                return(q2.getResult());
                            }
                            else
                            {
                                return(Constants.SecurityNotSufficientPrivileges);
                            }
                        }
                    }
                }

                if (!existTablePrivileges)
                {
                    return(Constants.SecurityNotSufficientPrivileges);
                }
                return(null);
            }
            catch (Exception e)
            {
                string errorreg;
                string error = e.ToString();
                if (error.Contains("No se pudo encontrar el archivo"))
                {
                    errorreg = "ERROR: Table does not exist";
                }
                else
                {
                    errorreg = "Your query is not valid";
                }

                return(errorreg);
            }
        }