summaryrefslogtreecommitdiff
path: root/sqlbox/view.php
diff options
context:
space:
mode:
authorBenjamin Franzke <benjaminfranzke@googlemail.com>2013-01-26 10:44:24 +0100
committerBenjamin Franzke <benjaminfranzke@googlemail.com>2013-01-26 10:51:52 +0100
commitf670f9aaa9e333b8d66309729bce7a8ff94f3960 (patch)
tree98497429322e36cd66a32815f0a946a7d021761b /sqlbox/view.php
parente0074fe42cd13abba6afeebf1236c7a4d2774839 (diff)
downloadsqltutor-plugin-f670f9aaa9e333b8d66309729bce7a8ff94f3960.tar.gz
sqltutor-plugin-f670f9aaa9e333b8d66309729bce7a8ff94f3960.tar.bz2
sqltutor-plugin-f670f9aaa9e333b8d66309729bce7a8ff94f3960.zip
Put queries into a transaction and rollback after user query
So that users cannot change the database. This has the disadvantage, that we cant have tests where user has to insert stuff.
Diffstat (limited to 'sqlbox/view.php')
-rw-r--r--sqlbox/view.php6
1 files changed, 6 insertions, 0 deletions
diff --git a/sqlbox/view.php b/sqlbox/view.php
index 47a9de4..f215d7d 100644
--- a/sqlbox/view.php
+++ b/sqlbox/view.php
@@ -99,12 +99,18 @@ if (isset($data->sqlbox_query)) {
print_error('dbconnectionfailed', 'sqlbox');
$table = db_table_from_query($db, $data->sqlbox_query);
+ $result = @pg_query($db, "BEGIN TRANSACTION;");
+ if (!$result)
+ print_error('dmltransactionexception');
if (strlen($sqlbox->query) > 0) {
$table_orig = db_table_from_query($db, $sqlbox->query);
if ($table->data != $table_orig->data ||
$table->head != $table_orig->head)
$correct = false;
}
+ $result = @pg_query($db, "ROLLBACK TRANSACTION;");
+ if (!$result)
+ print_error('dmltransactionexception');
pg_close($db);
echo html_writer::table($table);