From f670f9aaa9e333b8d66309729bce7a8ff94f3960 Mon Sep 17 00:00:00 2001 From: Benjamin Franzke Date: Sat, 26 Jan 2013 10:44:24 +0100 Subject: Put queries into a transaction and rollback after user query So that users cannot change the database. This has the disadvantage, that we cant have tests where user has to insert stuff. --- sqlbox/view.php | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'sqlbox/view.php') diff --git a/sqlbox/view.php b/sqlbox/view.php index 47a9de4..f215d7d 100644 --- a/sqlbox/view.php +++ b/sqlbox/view.php @@ -99,12 +99,18 @@ if (isset($data->sqlbox_query)) { print_error('dbconnectionfailed', 'sqlbox'); $table = db_table_from_query($db, $data->sqlbox_query); + $result = @pg_query($db, "BEGIN TRANSACTION;"); + if (!$result) + print_error('dmltransactionexception'); if (strlen($sqlbox->query) > 0) { $table_orig = db_table_from_query($db, $sqlbox->query); if ($table->data != $table_orig->data || $table->head != $table_orig->head) $correct = false; } + $result = @pg_query($db, "ROLLBACK TRANSACTION;"); + if (!$result) + print_error('dmltransactionexception'); pg_close($db); echo html_writer::table($table); -- cgit
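Review bot: The user-supplied query still runs outside the transaction, because the context line `$table = db_table_from_query($db, $data->sqlbox_query);` comes before the added `BEGIN TRANSACTION`; as the hunk reads, only the reference query `$sqlbox->query` is covered by the rollback. Move the added `$result = @pg_query($db, "BEGIN TRANSACTION;");` and its `if (!$result)` check above that call so the submitted query is the one being rolled back. Even then the guarantee holds only while the session stays inside the transaction. If `db_table_from_query` (not visible here) passes the string to `pg_query` unchanged, a multi-statement submission can end the transaction itself and leave the ROLLBACK with nothing to undo, so connecting with a database role limited to SELECT on the exercise tables would enforce the restriction in the database rather than in this page. The enclosing `if (isset($data->sqlbox_query))` block starts above the hunk and continues below it.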