/// <summary>
/// Tries to interpret <paramref name="pQuery"/> as an UPDATE statement using
/// <c>Constants.regExpUpdate</c>.
/// </summary>
/// <param name="pQuery">Raw statement text.</param>
/// <returns>
/// A <c>ClassUpdate</c> built from capture groups 1 (table), 2 (column list) and
/// 3 (condition), or <c>null</c> when the pattern does not match.
/// </returns>
public ClassUpdate ManageUpdate(string pQuery)
{
    Match parsed = Regex.Match(pQuery, Constants.regExpUpdate);

    // Guard clause: anything the pattern rejects is reported to the caller as null.
    if (!parsed.Success)
    {
        return null;
    }

    GroupCollection parts = parsed.Groups;
    string tableName = parts[1].Value;

    // The column list is cut on every ',' and the pieces are passed on untrimmed.
    // NOTE(review): a ',' inside a quoted value would also be split here, unless the
    // pattern already excludes that; confirm against Constants.regExpUpdate.
    string[] assignments = parts[2].Value.Split(',');
    string whereClause = parts[3].Value;

    return new ClassUpdate(tableName, assignments, whereClause);
}
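/// <summary>
/// Parses one statement and runs it against <paramref name="dbname"/>, enforcing the
/// per-table privileges reported by <paramref name="pDB"/> for every user except "admin".
/// </summary>
/// <param name="psentencia">Raw statement text.</param>
/// <param name="dbname">Database name handed to the parsed query's <c>Run</c>.</param>
/// <param name="pDB">Supplies the current user name and that user's table privileges.</param>
/// <returns>
/// The query result when it was executed; <c>Constants.SecurityNotSufficientPrivileges</c>
/// when the user lacks the privilege, has no entry for the table, or the statement class is
/// not one of select/delete/insert/update; otherwise one of the two error texts produced
/// in the catch block.
/// </returns>
public string Query(string psentencia, string dbname, Database pDB)
{
    try
    {
        Query query = Parse(psentencia);
        if (query == null)
        {
            // Same text the original produced, but without relying on a
            // NullReferenceException travelling through the catch block.
            return "Your query is not valid";
        }

        string a = query.getClass();

        // NOTE(review): the administrator is recognised only by the user-name string and
        // skips every privilege check below; confirm that pDB.getUser() is set exclusively
        // from an authenticated session.
        if (pDB.getUser() == "admin")
        {
            query.Run(dbname);
            return query.getResult();
        }

        if (a == null)
        {
            return "Your query is not valid";
        }

        // Map the statement class to the pattern that extracts its table name and to the
        // privilege that table must grant. Anything else is denied (default deny).
        string tablePattern;
        string requiredPrivilege;
        switch (a)
        {
            case "select":
                tablePattern = @"SELECT\s+.+\s+FROM\s+(\w+)";
                requiredPrivilege = "SELECT";
                break;
            case "delete":
                tablePattern = @"DELETE\s+FROM\s+(\w+)";
                requiredPrivilege = "DELETE";
                break;
            case "insert":
                tablePattern = @"INSERT\s+INTO\s+(\w+)";
                requiredPrivilege = "INSERT";
                break;
            case "update":
                tablePattern = @"UPDATE\s+(\w+)";
                requiredPrivilege = "UPDATE";
                break;
            default:
                return Constants.SecurityNotSufficientPrivileges;
        }

        // NOTE(review): the table name used for the authorization decision is re-extracted
        // from the raw text with an unanchored pattern, while the statement that actually
        // runs is the one Parse() produced. If the two ever disagree about the target table,
        // the privilege is checked for one table and the statement executes on another.
        // The robust fix is to take the table name from the parsed query object itself;
        // that accessor is not visible from this method, so the patterns are left unchanged.
        string table = Regex.Match(psentencia, tablePattern).Groups[1].Value;

        List<TablePrivileges> userprivileges = pDB.GetTablePrivileges();
        foreach (TablePrivileges tableprv in userprivileges)
        {
            if (tableprv.getTableName() != table)
            {
                continue;
            }

            // The first entry for the table decides; later entries are never consulted.
            if (!tableprv.getTablePrivileges().Contains(requiredPrivilege))
            {
                return Constants.SecurityNotSufficientPrivileges;
            }

            query.Run(dbname);

            // The per-class casts are kept from the original; whether getResult() is
            // virtual on the base type is not visible here.
            switch (a)
            {
                case "select":
                    return ((ClassSelect)query).getResult();
                case "delete":
                    return ((ClassDelete)query).getResult();
                case "insert":
                    return ((ClassInsert)query).getResult();
                default:
                    return ((ClassUpdate)query).getResult();
            }
        }

        // No privilege entry for this table: deny. (The original's trailing
        // "return null" could never be reached and has been dropped.)
        return Constants.SecurityNotSufficientPrivileges;
    }
    catch (Exception e)
    {
        // Callers only ever see one of two fixed texts; exception details are not leaked.
        if (IsMissingTableFile(e))
        {
            return "ERROR: Table does not exist";
        }

        return "Your query is not valid";
    }
}

/// <summary>
/// Decides whether a failure means the table's backing file is missing.
/// </summary>
private static bool IsMissingTableFile(Exception e)
{
    // Type-based check first, so the result no longer depends on the runtime's UI language.
    // Presumably the localized text below is the FileNotFoundException message; confirm.
    for (Exception current = e; current != null; current = current.InnerException)
    {
        if (current is System.IO.FileNotFoundException)
        {
            return true;
        }
    }

    // Original behaviour kept as a fallback: match the Spanish runtime message.
    return e.ToString().Contains("No se pudo encontrar el archivo");
}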