From 0b43d04e52acb4f2cf8cc4a1acc04ab90d17e2fd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Antonio=20Ca=C3=B1as=20Vargas?= Date: Wed, 24 Oct 2018 09:25:09 +0200 Subject: [PATCH] Version 18.7.39 --- swad_changelog.h | 3 +- swad_pagination.c | 28 ++--- swad_password.c | 90 +++++++++------- swad_photo.c | 268 ++++++++++++++++++++++++++-------------------- 4 files changed, 220 insertions(+), 169 deletions(-) diff --git a/swad_changelog.h b/swad_changelog.h index 66fcec037..ce7d02ca5 100644 --- a/swad_changelog.h +++ b/swad_changelog.h @@ -355,10 +355,11 @@ En OpenSWAD: ps2pdf source.ps destination.pdf */ -#define Log_PLATFORM_VERSION "SWAD 18.7.38 (2018-10-24)" +#define Log_PLATFORM_VERSION "SWAD 18.7.39 (2018-10-24)" #define CSS_FILE "swad18.4.css" #define JS_FILE "swad17.17.1.js" /* + Version 18.7.39: Oct 24, 2018 Some sprintf for database queries changed by asprintf. (238037 lines) Version 18.7.38: Oct 24, 2018 Some sprintf for database queries changed by asprintf. (237986 lines) Version 18.7.37: Oct 24, 2018 Some sprintf for database queries changed by asprintf. (237926 lines) Version 18.7.36: Oct 23, 2018 Some sprintf for database queries changed by asprintf. (237905 lines) diff --git a/swad_pagination.c b/swad_pagination.c index a69fc0b9d..c783e8a07 100644 --- a/swad_pagination.c +++ b/swad_pagination.c @@ -25,7 +25,9 @@ /********************************** Headers **********************************/ /*****************************************************************************/ +#define _GNU_SOURCE // For asprintf #include // For NULL +#include // For asprintf #include "swad_action.h" #include "swad_database.h" 
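Review bot: The added `#define _GNU_SOURCE` in swad_pagination.c only takes effect because it sits above the first system `#include`, and nothing in the hunk records that constraint. A later reordering of the header block would silently leave asprintf without a prototype. I would extend the comment to `#define _GNU_SOURCE // For asprintf; must precede every #include`, or define the macro once in the build flags rather than per file. The same two lines are added in the header hunks of swad_password.c and swad_photo.c.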
@@ -798,14 +800,15 @@ unsigned Pag_GetParamPagNum (Pag_WhatPaginate_t WhatPaginate)
 void Pag_SaveLastPageMsgIntoSession (Pag_WhatPaginate_t WhatPaginate,unsigned NumPage)
 {
- char Query[128 + Cns_BYTES_SESSION_ID];
+ char *Query;
 /***** Save last page of received/sent messages *****/
- sprintf (Query,"UPDATE sessions SET %s=%u WHERE SessionId='%s'",
- WhatPaginate == Pag_MESSAGES_RECEIVED ? "LastPageMsgRcv" :
- "LastPageMsgSnt",
- NumPage,Gbl.Session.Id);
- DB_QueryUPDATE (Query,"can not update last page of messages");
+ if (asprintf (&Query,"UPDATE sessions SET %s=%u WHERE SessionId='%s'",
+ WhatPaginate == Pag_MESSAGES_RECEIVED ? "LastPageMsgRcv" :
+ "LastPageMsgSnt",
+ NumPage,Gbl.Session.Id) < 0)
+ Lay_NotEnoughMemoryExit ();
+ DB_QueryUPDATE_free (Query,"can not update last page of messages");
 }
 /*****************************************************************************/
@@ -814,18 +817,19 @@ void Pag_SaveLastPageMsgIntoSession (Pag_WhatPaginate_t WhatPaginate,unsigned Nu
 unsigned Pag_GetLastPageMsgFromSession (Pag_WhatPaginate_t WhatPaginate)
 {
- char Query[128 + Cns_BYTES_SESSION_ID];
+ char *Query;
 MYSQL_RES *mysql_res;
 MYSQL_ROW row;
 unsigned long NumRows;
 unsigned NumPage;
 /***** Get last page of received/sent messages from database *****/
- sprintf (Query,"SELECT %s FROM sessions WHERE SessionId='%s'",
- WhatPaginate == Pag_MESSAGES_RECEIVED ? "LastPageMsgRcv" :
- "LastPageMsgSnt",
- Gbl.Session.Id);
- NumRows = DB_QuerySELECT (Query,&mysql_res,"can not get last page of messages");
+ if (asprintf (&Query,"SELECT %s FROM sessions WHERE SessionId='%s'",
+ WhatPaginate == Pag_MESSAGES_RECEIVED ? "LastPageMsgRcv" :
+ "LastPageMsgSnt",
+ Gbl.Session.Id) < 0)
+ Lay_NotEnoughMemoryExit ();
+ NumRows = DB_QuerySELECT_free (Query,&mysql_res,"can not get last page of messages");
 /***** Check number of rows of the result ****/
 if (NumRows != 1)
diff --git a/swad_password.c b/swad_password.c
index 3645881ad..60397e938 100644
--- a/swad_password.c
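Review bot: In Pag_SaveLastPageMsgIntoSession the query is still assembled by formatting `Gbl.Session.Id` into a quoted literal (`SessionId='%s'`), so moving from a fixed buffer to asprintf removes the overflow risk but leaves the statement's safety resting on that string containing no quote or backslash. Where the session id is validated is not visible in this hunk; if it originates from the request, it should be checked against the expected alphabet and length before it reaches this call, or escaped with `mysql_real_escape_string`. At minimum I would record the assumption above the call: `/* Gbl.Session.Id is interpolated unescaped; it must already be validated */`. The same `'%s'` pattern appears in Pag_GetLastPageMsgFromSession in the next hunk and, in later hunks, with Gbl.Usrs.Me.PendingPassword in swad_password.c and Gbl.UniqueNameEncrypted in Pho_UpdatePhotoName.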
+++ b/swad_password.c
@@ -25,6 +25,8 @@
 /********************************* Headers ***********************************/
 /*****************************************************************************/
+#define _GNU_SOURCE // For asprintf
+#include // For asprintf
 #include // For system, getenv, etc.
 #include // For string functions
 #include // For the macro WEXITSTATUS
@@ -112,15 +114,16 @@ bool Pwd_CheckCurrentPassword (void)
 bool Pwd_CheckPendingPassword (void)
 {
- char Query[256];
+ char *Query;
 MYSQL_RES *mysql_res;
 MYSQL_ROW row;
 /***** Get pending password from database *****/
- sprintf (Query,"SELECT PendingPassword FROM pending_passwd"
- " WHERE UsrCod=%ld",
- Gbl.Usrs.Me.UsrDat.UsrCod);
- if (DB_QuerySELECT (Query,&mysql_res,"can not get pending password"))
+ if (asprintf (&Query,"SELECT PendingPassword FROM pending_passwd"
+ " WHERE UsrCod=%ld",
+ Gbl.Usrs.Me.UsrDat.UsrCod) < 0)
+ Lay_NotEnoughMemoryExit ();
+ if (DB_QuerySELECT_free (Query,&mysql_res,"can not get pending password"))
 {
 /* Get encrypted pending password */
 row = mysql_fetch_row (mysql_res);
@@ -144,14 +147,15 @@ bool Pwd_CheckPendingPassword (void)
 void Pwd_AssignMyPendingPasswordToMyCurrentPassword (void)
 {
- char Query[128 + Pwd_BYTES_ENCRYPTED_PASSWORD];
+ char *Query;
 /***** Update my current password in database *****/
- sprintf (Query,"UPDATE usr_data SET Password='%s'"
- " WHERE UsrCod=%ld",
- Gbl.Usrs.Me.PendingPassword,
- Gbl.Usrs.Me.UsrDat.UsrCod);
- DB_QueryUPDATE (Query,"can not update your password");
+ if (asprintf (&Query,"UPDATE usr_data SET Password='%s'"
+ " WHERE UsrCod=%ld",
+ Gbl.Usrs.Me.PendingPassword,
+ Gbl.Usrs.Me.UsrDat.UsrCod) < 0)
+ Lay_NotEnoughMemoryExit ();
+ DB_QueryUPDATE_free (Query,"can not update your password");
 /***** Update my current password *****/
 Str_Copy (Gbl.Usrs.Me.UsrDat.Password,Gbl.Usrs.Me.PendingPassword,
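Review bot: In Pwd_CheckPendingPassword the failure branch `if (asprintf (...) < 0) Lay_NotEnoughMemoryExit ();` falls through to `DB_QuerySELECT_free (Query,...)`, and after a failed asprintf the contents of `Query` are undefined, so the code is only correct if Lay_NotEnoughMemoryExit never returns. Its declaration is not part of this patch; if it is not already marked, I would declare it `__attribute__((noreturn))` (or `_Noreturn`) so the compiler and static analysers can check that assumption. Pwd_AssignMyPendingPasswordToMyCurrentPassword in the following hunk and every other asprintf call added by this commit depend on the same guarantee.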
@@ -510,24 +514,26 @@ static void Pwd_CreateANewPassword (char PlainPassword[Pwd_MAX_BYTES_PLAIN_PASSW void Pwd_SetMyPendingPassword (char PlainPassword[Pwd_MAX_BYTES_PLAIN_PASSWORD + 1]) { - char Query[256 + Pwd_BYTES_ENCRYPTED_PASSWORD]; + char *Query; /***** Encrypt my pending password *****/ Cry_EncryptSHA512Base64 (PlainPassword,Gbl.Usrs.Me.PendingPassword); /***** Remove expired pending passwords from database *****/ - sprintf (Query,"DELETE FROM pending_passwd" - " WHERE DateAndTime 0) - sprintf (Query,"SELECT COUNT(*) FROM usr_data" - " WHERE Password='%s' AND UsrCod<>%ld", - EncryptedPassword,UsrCod); + { + if (asprintf (&Query,"SELECT COUNT(*) FROM usr_data" + " WHERE Password='%s' AND UsrCod<>%ld", + EncryptedPassword,UsrCod) < 0) + Lay_NotEnoughMemoryExit (); + } else - sprintf (Query,"SELECT COUNT(*) FROM usr_data" - " WHERE Password='%s'", - EncryptedPassword); - return (unsigned) DB_QueryCOUNT (Query,"can not check if a password is trivial"); + { + if (asprintf (&Query,"SELECT COUNT(*) FROM usr_data" + " WHERE Password='%s'", + EncryptedPassword) < 0) + Lay_NotEnoughMemoryExit (); + } + return (unsigned) DB_QueryCOUNT_free (Query,"can not check if a password is trivial"); } /*****************************************************************************/ diff --git a/swad_photo.c b/swad_photo.c index eb7b4e15a..fe8a1e8be 100644 --- a/swad_photo.c +++ b/swad_photo.c @@ -25,9 +25,11 @@ /********************************* Headers ***********************************/ /*****************************************************************************/ +#define _GNU_SOURCE // For asprintf #include // For PATH_MAX #include // For NULL #include // For log10, floor, ceil, modf, sqrt... +#include // For asprintf #include // For system, getenv, etc. #include // For string functions #include // For the macro WEXITSTATUS 
@@ -119,7 +121,7 @@ static void Pho_PutLinkToCalculateDegreeStats (void);
 static void Pho_GetMaxStdsPerDegree (void);
 static void Pho_ShowOrPrintClassPhotoDegrees (Pho_AvgPhotoSeeOrPrint_t SeeOrPrint);
 static void Pho_ShowOrPrintListDegrees (Pho_AvgPhotoSeeOrPrint_t SeeOrPrint);
-static void Pho_BuildQueryOfDegrees (char *Query);
+static void Pho_BuildQueryOfDegrees (char **Query);
 static void Pho_GetNumStdsInDegree (long DegCod,Usr_Sex_t Sex,int *NumStds,int *NumStdsWithPhoto);
 static void Pho_UpdateDegStats (long DegCod,Usr_Sex_t Sex,unsigned NumStds,unsigned NumStdsWithPhoto,long TimeToComputeAvgPhoto);
 static void Pho_ShowDegreeStat (int NumStds,int NumStdsWithPhoto);
@@ -975,17 +977,18 @@ static void Pho_UpdatePhoto2 (void)
 unsigned Pho_UpdateMyClicksWithoutPhoto (void)
 {
- char Query[512];
+ char *Query;
 MYSQL_RES *mysql_res;
 MYSQL_ROW row;
 unsigned long NumRows;
 unsigned NumClicks;
 /***** Get number of clicks without photo from database *****/
- sprintf (Query,"SELECT NumClicks FROM clicks_without_photo"
- " WHERE UsrCod=%ld",
- Gbl.Usrs.Me.UsrDat.UsrCod);
- NumRows = DB_QuerySELECT (Query,&mysql_res,"can not get number of clicks without photo");
+ if (asprintf (&Query,"SELECT NumClicks FROM clicks_without_photo"
+ " WHERE UsrCod=%ld",
+ Gbl.Usrs.Me.UsrDat.UsrCod) < 0)
+ Lay_NotEnoughMemoryExit ();
+ NumRows = DB_QuerySELECT_free (Query,&mysql_res,"can not get number of clicks without photo");
 /***** Update the list of clicks without photo *****/
 if (NumRows) // The user exists ==> update number of clicks without photo
@@ -997,22 +1000,24 @@ unsigned Pho_UpdateMyClicksWithoutPhoto (void)
 /* Update number of clicks */
 if (NumClicks <= Pho_MAX_CLICKS_WITHOUT_PHOTO)
 {
- sprintf (Query,"UPDATE clicks_without_photo"
- " SET NumClicks=NumClicks+1 WHERE UsrCod=%ld",
- Gbl.Usrs.Me.UsrDat.UsrCod);
- DB_QueryUPDATE (Query,"can not update number of clicks without photo");
+ if (asprintf (&Query,"UPDATE clicks_without_photo"
+ " SET NumClicks=NumClicks+1 WHERE UsrCod=%ld",
+ Gbl.Usrs.Me.UsrDat.UsrCod) < 0)
+ Lay_NotEnoughMemoryExit ();
+ DB_QueryUPDATE_free (Query,"can not update number of clicks without photo");
 NumClicks++;
 }
 }
 else // The user does not exist ==> add him/her
 {
 /* Add the user, with one access */
- sprintf (Query,"INSERT INTO clicks_without_photo"
- " (UsrCod,NumClicks)"
- " VALUES"
- " (%ld,1)",
- Gbl.Usrs.Me.UsrDat.UsrCod);
- DB_QueryINSERT (Query,"can not create number of clicks without photo");
+ if (asprintf (&Query,"INSERT INTO clicks_without_photo"
+ " (UsrCod,NumClicks)"
+ " VALUES"
+ " (%ld,1)",
+ Gbl.Usrs.Me.UsrDat.UsrCod) < 0)
+ Lay_NotEnoughMemoryExit ();
+ DB_QueryINSERT_free (Query,"can not create number of clicks without photo");
 NumClicks = 1;
 }
@@ -1029,10 +1034,12 @@ unsigned Pho_UpdateMyClicksWithoutPhoto (void)
 void Pho_RemoveUsrFromTableClicksWithoutPhoto (long UsrCod)
 {
- char Query[512];
+ char *Query;
- sprintf (Query,"DELETE FROM clicks_without_photo WHERE UsrCod=%ld",UsrCod);
- DB_QueryDELETE (Query,"can not remove a user from the list of users without photo");
+ if (asprintf (&Query,"DELETE FROM clicks_without_photo WHERE UsrCod=%ld",
+ UsrCod) < 0)
+ Lay_NotEnoughMemoryExit ();
+ DB_QueryDELETE_free (Query,"can not remove a user from the list of users without photo");
 }
 /*****************************************************************************/
@@ -1185,13 +1192,14 @@ bool Pho_RemovePhoto (struct UsrData *UsrDat)
 static void Pho_ClearPhotoName (long UsrCod)
 {
- char Query[128];
+ char *Query;
 /***** Clear photo name in user's data *****/
- sprintf (Query,"UPDATE usr_data SET Photo=''"
- " WHERE UsrCod=%ld",
- UsrCod);
- DB_QueryUPDATE (Query,"can not clear the name of a user's photo");
+ if (asprintf (&Query,"UPDATE usr_data SET Photo=''"
+ " WHERE UsrCod=%ld",
+ UsrCod) < 0)
+ Lay_NotEnoughMemoryExit ();
+ DB_QueryUPDATE_free (Query,"can not clear the name of a user's photo");
 }
 /*****************************************************************************/
@@ -1200,14 +1208,15 @@ static void Pho_ClearPhotoName (long UsrCod)
 void Pho_UpdatePhotoName (struct UsrData *UsrDat)
 {
- char Query[512];
+ char *Query;
 char PathPublPhoto[PATH_MAX + 1];
 /***** Update photo name in database *****/
- sprintf (Query,"UPDATE usr_data SET Photo='%s'"
- " WHERE UsrCod=%ld",
- Gbl.UniqueNameEncrypted,UsrDat->UsrCod);
- DB_QueryUPDATE (Query,"can not update the name of a user's photo");
+ if (asprintf (&Query,"UPDATE usr_data SET Photo='%s'"
+ " WHERE UsrCod=%ld",
+ Gbl.UniqueNameEncrypted,UsrDat->UsrCod) < 0)
+ Lay_NotEnoughMemoryExit ();
+ DB_QueryUPDATE_free (Query,"can not update the name of a user's photo");
 /***** Remove the old symbolic link to photo *****/
 snprintf (PathPublPhoto,sizeof (PathPublPhoto),
@@ -1329,17 +1338,18 @@ void Pho_ShowUsrPhoto (const struct UsrData *UsrDat,const char *PhotoURL,
 void Pho_ChangePhotoVisibility (void)
 {
 extern const char *Pri_VisibilityDB[Pri_NUM_OPTIONS_PRIVACY];
- char Query[128];
+ char *Query;
 /***** Get param with public/private photo *****/
 Gbl.Usrs.Me.UsrDat.PhotoVisibility = Pri_GetParamVisibility ("VisPho");
 /***** Store public/private photo in database *****/
- sprintf (Query,"UPDATE usr_data SET PhotoVisibility='%s'"
- " WHERE UsrCod=%ld",
- Pri_VisibilityDB[Gbl.Usrs.Me.UsrDat.PhotoVisibility],
- Gbl.Usrs.Me.UsrDat.UsrCod);
- DB_QueryUPDATE (Query,"can not update your preference about photo visibility");
+ if (asprintf (&Query,"UPDATE usr_data SET PhotoVisibility='%s'"
+ " WHERE UsrCod=%ld",
+ Pri_VisibilityDB[Gbl.Usrs.Me.UsrDat.PhotoVisibility],
+ Gbl.Usrs.Me.UsrDat.UsrCod) < 0)
+ Lay_NotEnoughMemoryExit ();
+ DB_QueryUPDATE_free (Query,"can not update your preference about photo visibility");
 /***** Show form again *****/
 Pre_EditPrefs ();
@@ -1433,7 +1443,7 @@ void Pho_CalcPhotoDegree (void)
 static long Pho_GetDegWithAvgPhotoLeastRecentlyUpdated (void)
 {
- char Query[1024];
+ char *Query;
 MYSQL_RES *mysql_res;
 MYSQL_ROW row;
 unsigned long NumRows = 0;
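Review bot: Pho_ChangePhotoVisibility indexes `Pri_VisibilityDB[]` with the value returned by `Pri_GetParamVisibility ("VisPho")` and passes the result to `%s`, with no range check between the two in this hunk. If that getter does not already keep its result below `Pri_NUM_OPTIONS_PRIVACY`, an out-of-range request value would make asprintf read through an out-of-bounds pointer; the getter is outside the patch, so this needs confirming. A comment on the assignment such as `/* Pri_GetParamVisibility returns a value < Pri_NUM_OPTIONS_PRIVACY */`, or an explicit check before the asprintf call, would make the invariant visible. `Usr_StringsSexDB[Sex]` in Pho_GetNumStdsInDegree and Pho_UpdateDegStats is indexed the same way.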
@@ -1445,16 +1455,17 @@ static long Pho_GetDegWithAvgPhotoLeastRecentlyUpdated (void) /***** 1. If a degree is not in table of computed degrees, choose it as least recently updated *****/ /* Get one degree with students not yet computed */ - sprintf (Query,"SELECT DISTINCT degrees.DegCod" - " FROM degrees,courses,crs_usr" - " WHERE degrees.DegCod=courses.DegCod" - " AND courses.CrsCod=crs_usr.CrsCod" - " AND crs_usr.Role=%u" - " AND degrees.DegCod NOT IN" - " (SELECT DISTINCT DegCod FROM sta_degrees)" - " LIMIT 1", - (unsigned) Rol_STD); - NumRows = DB_QuerySELECT (Query,&mysql_res,"can not get degrees"); + if (asprintf (&Query,"SELECT DISTINCT degrees.DegCod" + " FROM degrees,courses,crs_usr" + " WHERE degrees.DegCod=courses.DegCod" + " AND courses.CrsCod=crs_usr.CrsCod" + " AND crs_usr.Role=%u" + " AND degrees.DegCod NOT IN" + " (SELECT DISTINCT DegCod FROM sta_degrees)" + " LIMIT 1", + (unsigned) Rol_STD) < 0) + Lay_NotEnoughMemoryExit (); + NumRows = DB_QuerySELECT_free (Query,&mysql_res,"can not get degrees"); /* If number of rows is 1, then get the degree code */ if (NumRows == 1) @@ -1474,16 +1485,17 @@ static long Pho_GetDegWithAvgPhotoLeastRecentlyUpdated (void) /***** 2. If all the degrees are in table, choose the least recently updated that has students *****/ /* Get degrees from database */ - sprintf (Query,"SELECT sta_degrees.DegCod" - " FROM sta_degrees,courses,crs_usr" - " WHERE sta_degrees.TimeAvgPhoto0"); - NumRows = DB_QuerySELECT (Query,&mysql_res,"can not get maximum number of students in a degree"); + if (asprintf (&Query,"SELECT MAX(NumStds),MAX(NumStdsWithPhoto)," + "MAX(NumStdsWithPhoto/NumStds)" + " FROM sta_degrees" + " WHERE Sex='all' AND NumStds>0") < 0) + Lay_NotEnoughMemoryExit (); + NumRows = DB_QuerySELECT_free (Query,&mysql_res, + "can not get maximum number of students in a degree"); /***** Count number of rows in result *****/ if (NumRows == 1) 
@@ -2125,7 +2144,7 @@ static void Pho_GetMaxStdsPerDegree (void)
 static void Pho_ShowOrPrintClassPhotoDegrees (Pho_AvgPhotoSeeOrPrint_t SeeOrPrint)
 {
- char Query[512];
+ char *Query;
 MYSQL_RES *mysql_res;
 MYSQL_ROW row;
 unsigned long NumRow;
@@ -2137,8 +2156,8 @@ static void Pho_ShowOrPrintClassPhotoDegrees (Pho_AvgPhotoSeeOrPrint_t SeeOrPrin
 bool TRIsOpen = false;
 /***** Get degrees from database *****/
- Pho_BuildQueryOfDegrees (Query);
- NumRows = DB_QuerySELECT (Query,&mysql_res,"can not get degrees");
+ Pho_BuildQueryOfDegrees (&Query);
+ NumRows = DB_QuerySELECT_free (Query,&mysql_res,"can not get degrees");
 if (NumRows) // Degrees with students found
 {
@@ -2207,7 +2226,7 @@ static void Pho_ShowOrPrintListDegrees (Pho_AvgPhotoSeeOrPrint_t SeeOrPrint)
 extern const char *Txt_No_INDEX;
 extern const char *Txt_Degree;
 extern const char *Txt_SEX_PLURAL_Abc[Usr_NUM_SEXS];
- char Query[512];
+ char *Query;
 MYSQL_RES *mysql_res;
 MYSQL_ROW row;
 unsigned long NumRow;
@@ -2219,8 +2238,8 @@ static void Pho_ShowOrPrintListDegrees (Pho_AvgPhotoSeeOrPrint_t SeeOrPrint)
 Usr_Sex_t Sex;
 /***** Get degrees from database *****/
- Pho_BuildQueryOfDegrees (Query);
- NumRows = DB_QuerySELECT (Query,&mysql_res,"can not get degrees");
+ Pho_BuildQueryOfDegrees (&Query);
+ NumRows = DB_QuerySELECT_free (Query,&mysql_res,"can not get degrees");
 if (NumRows) // Degrees with students found
 {
@@ -2316,41 +2335,50 @@ static void Pho_ShowOrPrintListDegrees (Pho_AvgPhotoSeeOrPrint_t SeeOrPrint) /****** Build a query to get the degrees ordered by different criteria *******/ /*****************************************************************************/ -static void Pho_BuildQueryOfDegrees (char *Query) +static void Pho_BuildQueryOfDegrees (char **Query) { switch (Gbl.Stat.DegPhotos.HowOrderDegrees) { case Pho_NUMBER_OF_STUDENTS: - sprintf (Query,"SELECT degrees.DegCod" - " FROM degrees,sta_degrees" - " WHERE sta_degrees.Sex='all'" - " AND sta_degrees.NumStds>0" - " AND degrees.DegCod=sta_degrees.DegCod" - " ORDER BY sta_degrees.NumStds DESC,sta_degrees.NumStdsWithPhoto DESC,degrees.ShortName"); + if (asprintf (Query,"SELECT degrees.DegCod" + " FROM degrees,sta_degrees" + " WHERE sta_degrees.Sex='all'" + " AND sta_degrees.NumStds>0" + " AND degrees.DegCod=sta_degrees.DegCod" + " ORDER BY sta_degrees.NumStds DESC," + "sta_degrees.NumStdsWithPhoto DESC," + "degrees.ShortName") < 0) + Lay_NotEnoughMemoryExit (); break; case Pho_NUMBER_OF_PHOTOS: - sprintf (Query,"SELECT degrees.DegCod" - " FROM degrees,sta_degrees" - " WHERE sta_degrees.Sex='all'" - " AND sta_degrees.NumStds>0" - " AND degrees.DegCod=sta_degrees.DegCod" - " ORDER BY sta_degrees.NumStdsWithPhoto DESC,sta_degrees.NumStds DESC,degrees.ShortName"); + if (asprintf (Query,"SELECT degrees.DegCod" + " FROM degrees,sta_degrees" + " WHERE sta_degrees.Sex='all'" + " AND sta_degrees.NumStds>0" + " AND degrees.DegCod=sta_degrees.DegCod" + " ORDER BY sta_degrees.NumStdsWithPhoto DESC," + "sta_degrees.NumStds DESC," + "degrees.ShortName") < 0) + Lay_NotEnoughMemoryExit (); break; case Pho_PERCENT: - sprintf (Query,"SELECT degrees.DegCod" - " FROM degrees,sta_degrees" - " WHERE sta_degrees.Sex='all'" - " AND sta_degrees.NumStds>0" - " AND degrees.DegCod=sta_degrees.DegCod" - " ORDER BY sta_degrees.NumStdsWithPhoto/sta_degrees.NumStds DESC,degrees.ShortName"); + if (asprintf (Query,"SELECT degrees.DegCod" + " 
FROM degrees,sta_degrees" + " WHERE sta_degrees.Sex='all'" + " AND sta_degrees.NumStds>0" + " AND degrees.DegCod=sta_degrees.DegCod" + " ORDER BY sta_degrees.NumStdsWithPhoto/sta_degrees.NumStds DESC," + "degrees.ShortName") < 0) + Lay_NotEnoughMemoryExit (); break; case Pho_DEGREE_NAME: - sprintf (Query,"SELECT degrees.DegCod" - " FROM degrees,sta_degrees" - " WHERE sta_degrees.Sex='all'" - " AND sta_degrees.NumStds>0" - " AND degrees.DegCod=sta_degrees.DegCod" - " ORDER BY degrees.ShortName"); + if (asprintf (Query,"SELECT degrees.DegCod" + " FROM degrees,sta_degrees" + " WHERE sta_degrees.Sex='all'" + " AND sta_degrees.NumStds>0" + " AND degrees.DegCod=sta_degrees.DegCod" + " ORDER BY degrees.ShortName") < 0) + Lay_NotEnoughMemoryExit (); break; } } @@ -2362,16 +2390,17 @@ static void Pho_BuildQueryOfDegrees (char *Query) static void Pho_GetNumStdsInDegree (long DegCod,Usr_Sex_t Sex,int *NumStds,int *NumStdsWithPhoto) { extern const char *Usr_StringsSexDB[Usr_NUM_SEXS]; - char Query[512]; + char *Query; MYSQL_RES *mysql_res; MYSQL_ROW row; unsigned long NumRows; /***** Get the number of students in a degree from database *****/ - sprintf (Query,"SELECT NumStds,NumStdsWithPhoto FROM sta_degrees" - " WHERE DegCod=%ld AND Sex='%s'", - DegCod,Usr_StringsSexDB[Sex]); - NumRows = DB_QuerySELECT (Query,&mysql_res,"can not get the number of students in a degree"); + if (asprintf (&Query,"SELECT NumStds,NumStdsWithPhoto FROM sta_degrees" + " WHERE DegCod=%ld AND Sex='%s'", + DegCod,Usr_StringsSexDB[Sex]) < 0) + Lay_NotEnoughMemoryExit (); + NumRows = DB_QuerySELECT_free (Query,&mysql_res,"can not get the number of students in a degree"); if (NumRows == 0) *NumStds = *NumStdsWithPhoto = -1; 
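Review bot: The `switch` in Pho_BuildQueryOfDegrees has no `default:` branch, so when `Gbl.Stat.DegPhotos.HowOrderDegrees` holds anything other than the four listed values the function returns without writing `*Query`. Both callers, Pho_ShowOrPrintClassPhotoDegrees and Pho_ShowOrPrintListDegrees, declare `char *Query;` uninitialised and pass it straight to `DB_QuerySELECT_free`, which by its name executes and then frees the pointer it is given. With the old stack buffer that case produced a garbage query; with a heap pointer it becomes a read and free of an indeterminate address. How HowOrderDegrees is validated is not visible here, so I would fail closed inside the function by adding a `default:` branch that aborts through the project's error-exit routine. The header comment should also state that `*Query` is heap-allocated and owned by the caller.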
@@ -2395,14 +2424,17 @@ static void Pho_GetNumStdsInDegree (long DegCod,Usr_Sex_t Sex,int *NumStds,int *
 static void Pho_UpdateDegStats (long DegCod,Usr_Sex_t Sex,unsigned NumStds,unsigned NumStdsWithPhoto,long TimeToComputeAvgPhotoInMicroseconds)
 {
 extern const char *Usr_StringsSexDB[Usr_NUM_SEXS];
- char Query[1024];
+ char *Query;
- sprintf (Query,"REPLACE INTO sta_degrees"
- " (DegCod,Sex,NumStds,NumStdsWithPhoto,TimeAvgPhoto,TimeToComputeAvgPhoto)"
- " VALUES"
- " (%ld,'%s',%u,%u,NOW(),%ld)",
- DegCod,Usr_StringsSexDB[Sex],NumStds,NumStdsWithPhoto,TimeToComputeAvgPhotoInMicroseconds);
- DB_QueryREPLACE (Query,"can not save stats of a degree");
+ if (asprintf (&Query,"REPLACE INTO sta_degrees"
+ " (DegCod,Sex,NumStds,NumStdsWithPhoto,"
+ "TimeAvgPhoto,TimeToComputeAvgPhoto)"
+ " VALUES"
+ " (%ld,'%s',%u,%u,NOW(),%ld)",
+ DegCod,Usr_StringsSexDB[Sex],NumStds,NumStdsWithPhoto,
+ TimeToComputeAvgPhotoInMicroseconds) < 0)
+ Lay_NotEnoughMemoryExit ();
+ DB_QueryREPLACE_free (Query,"can not save stats of a degree");
 }
 /*****************************************************************************/