diff --git a/swad_account.c b/swad_account.c index 81373c02d..2456743ef 100644 --- a/swad_account.c +++ b/swad_account.c @@ -25,8 +25,6 @@ /*********************************** Headers *********************************/ /*****************************************************************************/ -#define _GNU_SOURCE // For asprintf -#include // For asprintf #include // For string functions #include "swad_account.h" diff --git a/swad_action.c b/swad_action.c index f67c2939b..d1f52dda3 100644 --- a/swad_action.c +++ b/swad_action.c @@ -25,9 +25,8 @@ /*********************************** Headers *********************************/ /*****************************************************************************/ -#define _GNU_SOURCE // For asprintf #include // For NULL -#include // For fprintf, asprintf +#include // For fprintf #include // For malloc and free #include // For string functions diff --git a/swad_agenda.c b/swad_agenda.c index dbe168d8f..4896270b2 100644 --- a/swad_agenda.c +++ b/swad_agenda.c @@ -982,11 +982,11 @@ static void Agd_GetParamEventOrder (void) static void Agd_GetListEvents (Agd_AgendaType_t AgendaType) { - char UsrSubQuery[Agd_MAX_BYTES_SUBQUERY]; + char *UsrSubQuery; char Past__FutureEventsSubQuery[Agd_MAX_BYTES_SUBQUERY]; char PrivatPublicEventsSubQuery[Agd_MAX_BYTES_SUBQUERY]; char HiddenVisiblEventsSubQuery[Agd_MAX_BYTES_SUBQUERY]; - char OrderBySubQuery[Agd_MAX_BYTES_SUBQUERY]; + char *OrderBySubQuery; MYSQL_RES *mysql_res; MYSQL_ROW row; unsigned long NumRows; @@ -1008,7 +1008,9 @@ static void Agd_GetListEvents (Agd_AgendaType_t AgendaType) DoQuery = false; // Nothing to get from database else { - sprintf (UsrSubQuery,"UsrCod=%ld",Gbl.Usrs.Me.UsrDat.UsrCod); + if (asprintf (&UsrSubQuery,"UsrCod=%ld", + Gbl.Usrs.Me.UsrDat.UsrCod) < 0) + Lay_NotEnoughMemoryExit (); if (AgendaType == Agd_MY_AGENDA_TODAY) Str_Copy (Past__FutureEventsSubQuery, " AND DATE(StartTime)<=CURDATE()" @@ -1063,7 +1065,9 @@ static void Agd_GetListEvents (Agd_AgendaType_t AgendaType) break; case Agd_ANOTHER_AGENDA_TODAY: case Agd_ANOTHER_AGENDA: - sprintf (UsrSubQuery,"UsrCod=%ld",Gbl.Usrs.Other.UsrDat.UsrCod); + if (asprintf (&UsrSubQuery,"UsrCod=%ld", + Gbl.Usrs.Other.UsrDat.UsrCod) < 0) + Lay_NotEnoughMemoryExit (); if (AgendaType == Agd_ANOTHER_AGENDA_TODAY) Str_Copy (Past__FutureEventsSubQuery, " AND DATE(StartTime)<=CURDATE()" @@ -1085,18 +1089,18 @@ static void Agd_GetListEvents (Agd_AgendaType_t AgendaType) switch (Gbl.Agenda.SelectedOrder) { case Agd_ORDER_BY_START_DATE: - Str_Copy (OrderBySubQuery,"StartTime," - "EndTime," - "Event," - "Location", - Agd_MAX_BYTES_SUBQUERY); + if (asprintf (&OrderBySubQuery,"StartTime," + "EndTime," + "Event," + "Location") < 0) + Lay_NotEnoughMemoryExit (); break; case Agd_ORDER_BY_END_DATE: - Str_Copy (OrderBySubQuery,"EndTime," - "StartTime," - "Event," - "Location", - Agd_MAX_BYTES_SUBQUERY); + if (asprintf (&OrderBySubQuery,"EndTime," + "StartTime," + "Event," + "Location") < 0) + Lay_NotEnoughMemoryExit (); break; } @@ -1111,6 +1115,10 @@ static void Agd_GetListEvents (Agd_AgendaType_t AgendaType) OrderBySubQuery); NumRows = DB_QuerySELECT_new (&mysql_res,"can not get agenda events"); + /* Free allocated memory for subqueries */ + free ((void *) OrderBySubQuery); + free ((void *) UsrSubQuery); + if (NumRows) // Events found... { Gbl.Agenda.Num = (unsigned) NumRows; diff --git a/swad_announcement.c b/swad_announcement.c index 6a43dee45..9411990a4 100644 --- a/swad_announcement.c +++ b/swad_announcement.c @@ -25,9 +25,6 @@ /*********************************** Headers *********************************/ /*****************************************************************************/ -#define _GNU_SOURCE // For asprintf -#include // For asprintf - #include "swad_announcement.h" #include "swad_box.h" #include "swad_database.h" diff --git a/swad_assignment.c b/swad_assignment.c index 15e982748..b8bbf7775 100644 --- a/swad_assignment.c +++ b/swad_assignment.c @@ -621,8 +621,8 @@ static void Asg_PutParams (void) void Asg_GetListAssignments (void) { - char HiddenSubQuery[256]; - char OrderBySubQuery[256]; + char *HiddenSubQuery; + char *OrderBySubQuery; MYSQL_RES *mysql_res; MYSQL_ROW row; unsigned long NumRows; @@ -639,16 +639,21 @@ void Asg_GetListAssignments (void) HiddenSubQuery[0] = '\0'; break; default: - sprintf (HiddenSubQuery," AND Hidden='N'"); + if (asprintf (&HiddenSubQuery," AND Hidden='N'") < 0) + Lay_NotEnoughMemoryExit (); break; } switch (Gbl.Asgs.SelectedOrder) { case Dat_START_TIME: - sprintf (OrderBySubQuery,"StartTime DESC,EndTime DESC,Title DESC"); + if (asprintf (&OrderBySubQuery, + "StartTime DESC,EndTime DESC,Title DESC") < 0) + Lay_NotEnoughMemoryExit (); break; case Dat_END_TIME: - sprintf (OrderBySubQuery,"EndTime DESC,StartTime DESC,Title DESC"); + if (asprintf (&OrderBySubQuery, + "EndTime DESC,StartTime DESC,Title DESC") < 0) + Lay_NotEnoughMemoryExit (); break; } if (Gbl.CurrentCrs.Grps.WhichGrps == Grp_ONLY_MY_GROUPS) @@ -659,8 +664,7 @@ void Asg_GetListAssignments (void) " AsgCod IN (SELECT asg_grp.AsgCod FROM asg_grp,crs_grp_usr" " WHERE crs_grp_usr.UsrCod=%ld AND asg_grp.GrpCod=crs_grp_usr.GrpCod))" " ORDER BY %s", - Gbl.CurrentCrs.Crs.CrsCod, - HiddenSubQuery, + Gbl.CurrentCrs.Crs.CrsCod,HiddenSubQuery, Gbl.Usrs.Me.UsrDat.UsrCod, OrderBySubQuery); else // Gbl.CurrentCrs.Grps.WhichGrps == Grp_ALL_GROUPS @@ -668,9 +672,14 @@ void Asg_GetListAssignments (void) " FROM assignments" " WHERE CrsCod=%ld%s" " ORDER BY %s", - Gbl.CurrentCrs.Crs.CrsCod,HiddenSubQuery,OrderBySubQuery); + Gbl.CurrentCrs.Crs.CrsCod,HiddenSubQuery, + OrderBySubQuery); NumRows = DB_QuerySELECT_new (&mysql_res,"can not get assignments"); + /* Free allocated memory for subqueries */ + free ((void *) OrderBySubQuery); + free ((void *) HiddenSubQuery); + if (NumRows) // Assignments found... { Gbl.Asgs.Num = (unsigned) NumRows; diff --git a/swad_attendance.c b/swad_attendance.c index 06e842d7f..960192c90 100644 --- a/swad_attendance.c +++ b/swad_attendance.c @@ -604,8 +604,8 @@ static void Att_PutParams (void) static void Att_GetListAttEvents (Att_OrderTime_t Order) { - char HiddenSubQuery[256]; - char OrderBySubQuery[256]; + char *HiddenSubQuery; + char *OrderBySubQuery; MYSQL_RES *mysql_res; MYSQL_ROW row; unsigned long NumRows; @@ -619,25 +619,27 @@ static void Att_GetListAttEvents (Att_OrderTime_t Order) { case Rol_TCH: case Rol_SYS_ADM: - HiddenSubQuery[0] = '\0'; + if (asprintf (&HiddenSubQuery,"%s","") < 0) + Lay_NotEnoughMemoryExit (); break; default: - sprintf (HiddenSubQuery," AND Hidden='N'"); + if (asprintf (&HiddenSubQuery," AND Hidden='N'") < 0) + Lay_NotEnoughMemoryExit (); break; } switch (Gbl.AttEvents.SelectedOrder) { case Dat_START_TIME: - if (Order == Att_NEWEST_FIRST) - sprintf (OrderBySubQuery,"StartTime DESC,EndTime DESC,Title DESC"); - else - sprintf (OrderBySubQuery,"StartTime,EndTime,Title"); + if (asprintf (&OrderBySubQuery, + (Order == Att_NEWEST_FIRST) ? "StartTime DESC,EndTime DESC,Title DESC" : + "StartTime,EndTime,Title") < 0) + Lay_NotEnoughMemoryExit (); break; case Dat_END_TIME: - if (Order == Att_NEWEST_FIRST) - sprintf (OrderBySubQuery,"EndTime DESC,StartTime DESC,Title DESC"); - else - sprintf (OrderBySubQuery,"EndTime,StartTime,Title"); + if (asprintf (&OrderBySubQuery, + (Order == Att_NEWEST_FIRST) ? "EndTime DESC,StartTime DESC,Title DESC" : + "EndTime,StartTime,Title") < 0) + Lay_NotEnoughMemoryExit (); break; } if (Gbl.CurrentCrs.Grps.WhichGrps == Grp_ONLY_MY_GROUPS) @@ -657,8 +659,13 @@ static void Att_GetListAttEvents (Att_OrderTime_t Order) " WHERE CrsCod=%ld%s" " ORDER BY %s", Gbl.CurrentCrs.Crs.CrsCod,HiddenSubQuery,OrderBySubQuery); + NumRows = DB_QuerySELECT_new (&mysql_res,"can not get attendance events"); - if ((NumRows = DB_QuerySELECT_new (&mysql_res,"can not get attendance events"))) // Attendance events found... + /* Free allocated memory for subqueries */ + free ((void *) OrderBySubQuery); + free ((void *) HiddenSubQuery); + + if (NumRows) // Attendance events found... { Gbl.AttEvents.Num = (unsigned) NumRows; @@ -2424,18 +2431,19 @@ static unsigned Att_GetNumStdsFromAListWhoAreInAttEvent (long AttCod,long LstSel Lay_NotEnoughMemoryExit (); /***** Count number of students registered in an event in database *****/ - sprintf (Gbl.DB.QueryPtr,"SELECT COUNT(*) FROM att_usr" - " WHERE AttCod=%ld" - " AND UsrCod IN (", - AttCod); + snprintf (Gbl.DB.QueryPtr,MaxLength + 1, + "SELECT COUNT(*) FROM att_usr" + " WHERE AttCod=%ld" + " AND UsrCod IN (", + AttCod); for (NumStd = 0; NumStd < NumStdsInList; NumStd++) { - sprintf (SubQuery, - NumStd ? ",%ld" : - "%ld", - LstSelectedUsrCods[NumStd]); + snprintf (SubQuery,sizeof (SubQuery), + NumStd ? ",%ld" : + "%ld", + LstSelectedUsrCods[NumStd]); Str_Concat (Gbl.DB.QueryPtr,SubQuery, MaxLength); } diff --git a/swad_centre.c b/swad_centre.c index 5a4859a22..584b94df6 100644 --- a/swad_centre.c +++ b/swad_centre.c @@ -1033,7 +1033,7 @@ static void Ctr_PutIconToViewCentres (void) void Ctr_GetListCentres (long InsCod) { - char OrderBySubQuery[256]; + char *OrderBySubQuery; MYSQL_RES *mysql_res; MYSQL_ROW row; unsigned long NumRows; @@ -1044,10 +1044,12 @@ void Ctr_GetListCentres (long InsCod) switch (Gbl.Ctrs.SelectedOrder) { case Ctr_ORDER_BY_CENTRE: - sprintf (OrderBySubQuery,"FullName"); + if (asprintf (&OrderBySubQuery,"FullName") < 0) + Lay_NotEnoughMemoryExit (); break; case Ctr_ORDER_BY_NUM_TCHS: - sprintf (OrderBySubQuery,"NumUsrs DESC,FullName"); + if (asprintf (&OrderBySubQuery,"NumUsrs DESC,FullName") < 0) + Lay_NotEnoughMemoryExit (); break; } DB_BuildQuery ("(SELECT centres.CtrCod,centres.InsCod,centres.PlcCod," @@ -1070,6 +1072,7 @@ void Ctr_GetListCentres (long InsCod) InsCod, OrderBySubQuery); NumRows = DB_QuerySELECT_new (&mysql_res,"can not get centres"); + free ((void *) OrderBySubQuery); if (NumRows) // Centres found... { diff --git a/swad_changelog.h b/swad_changelog.h index 86f32d266..be192a43e 100644 --- a/swad_changelog.h +++ b/swad_changelog.h @@ -355,10 +355,11 @@ En OpenSWAD: ps2pdf source.ps destination.pdf */ -#define Log_PLATFORM_VERSION "SWAD 18.9.8 (2018-10-30)" +#define Log_PLATFORM_VERSION "SWAD 18.9.10 (2018-10-30)" #define CSS_FILE "swad18.4.css" #define JS_FILE "swad17.17.1.js" /* + Version 18.9.10: Oct 30, 2018 Some sprintf for database queries changed by asprintf. (235311 lines) Version 18.9.8: Oct 30, 2018 Cleaning unused functions. (235694 lines) Version 18.9.7: Oct 29, 2018 Some sprintf for database queries changed by internal function. (235705 lines) Version 18.9.6: Oct 29, 2018 Some sprintf for database queries changed by internal function. diff --git a/swad_convert_briefcases.c b/swad_convert_briefcases.c deleted file mode 100644 index 84d5aa8de..000000000 --- a/swad_convert_briefcases.c +++ /dev/null @@ -1,129 +0,0 @@ -// swad_convert_BRIEFs.c -// Created on: 26/11/2013 -// Author: Antonio Caņas Vargas -// Compile with: gcc -Wall -O1 swad_convert_BRIEFs.c -o swad_convert_BRIEFs -lmysqlclient -L/usr/lib64/mysql - -#include "swad_ID.h" - -#include -#include -#include -#include -#include -#include - -#define DATABASE_HOST "swad.ugr.es" -#define DATABASE_USER "swad" -#define DATABASE_PASSWORD "********" -#define DATABASE_DBNAME "swad" -#define PATH_SWAD_PRIVATE "/var/www/swad" -#define FOLDER_USR "usr" -#define WEB_USER "apache" - -void ExecuteCommand (const char *Command) - { - printf ("%s\n",Command); - - if (system (Command) < 0) - { - fprintf (stderr,"Error when executing command: %s\n",Command); - exit (1); - } - - } - -int CheckIfPathExists (const char *Path) - { - return access (Path,F_OK) ? 0 : - 1; - } - -int main (void) - { - char *Query = "SELECT UsrCod,UsrID FROM usr_IDs ORDER BY UsrCod"; - MYSQL mysql; - MYSQL_RES *mysql_res; - MYSQL_ROW row; - unsigned NumRows; - unsigned NumUsrs = 0; - unsigned i; - long UsrCod; - char UsrID[ID_MAX_BYTES_USR_ID + 1]; - char OldPathUsr[PATH_MAX + 1]; - char Command[1024 + PATH_MAX * 2]; - - snprintf (Command,sizeof (Command), - "mv %s/%s %s/%s_backup", - PATH_SWAD_PRIVATE,FOLDER_USR, - PATH_SWAD_PRIVATE,FOLDER_USR); - ExecuteCommand (Command); - snprintf (Command,sizeof (Command), - "mkdir %s/%s", - PATH_SWAD_PRIVATE,FOLDER_USR); - ExecuteCommand (Command); - for (i=0; i<100; i++) - { - snprintf (Command,sizeof (Command), - "mkdir %s/%s/%02u", - PATH_SWAD_PRIVATE,FOLDER_USR,i); - ExecuteCommand (Command); - } - - if (mysql_init (&mysql) == NULL) - { - fprintf (stderr,"Can not init MySQL."); - return 1; - } - if (!mysql_real_connect (&mysql,DATABASE_HOST,DATABASE_USER,DATABASE_PASSWORD,DATABASE_DBNAME,0,NULL,0)) - { - fprintf (stderr,"Can not connect to database"); - return 2; - } - if (mysql_query (&mysql,Query)) - { - fprintf (stderr,"%s",mysql_error (&mysql)); - return 3; - } - if ((mysql_res = mysql_store_result (&mysql)) == NULL) - { - fprintf (stderr,"%s",mysql_error (&mysql)); - return 4; - } - if ((NumRows = (unsigned) mysql_num_rows (mysql_res))) - { - for (i=0; i -#include -#include -#include -#include -#include - -#define DATABASE_HOST "swad.ugr.es" -#define DATABASE_USER "swad" -#define DATABASE_PASSWORD "********" -#define DATABASE_DBNAME "swad" -#define PATH_SWAD_PRIVATE "/var/www/swad" -#define PATH_SWAD_PUBLIC "/var/www/html/swad" -#define FOLDER_PHOTO "photo" -#define WEB_USER "apache" - -void ExecuteCommand (const char *Command) - { - printf ("%s\n",Command); - - if (system (Command) < 0) - { - fprintf (stderr,"Error when executing command: %s\n",Command); - exit (1); - } - - } - -int CheckIfPathExists (const char *Path) - { - return access (Path,F_OK) ? 0 : - 1; - } - -int main (void) - { - char *Query = "SELECT UsrCod,UsrID FROM usr_IDs ORDER BY UsrCod"; - MYSQL mysql; - MYSQL_RES *mysql_res; - MYSQL_ROW row; - unsigned NumRows; - unsigned NumPhotos = 0; - unsigned i; - long UsrCod; - char UsrID[ID_MAX_BYTES_USR_ID + 1]; - char OldPathPhoto[PATH_MAX + 1]; - char Command[1024 + PATH_MAX * 2]; - - snprintf (Command,sizeof (Command), - "mv %s/%s %s/%s_backup", - PATH_SWAD_PRIVATE,FOLDER_PHOTO, - PATH_SWAD_PRIVATE,FOLDER_PHOTO); - ExecuteCommand (Command); - snprintf (Command,sizeof (Command), - "mkdir %s/%s", - PATH_SWAD_PRIVATE,FOLDER_PHOTO); - ExecuteCommand (Command); - for (i=0; i<100; i++) - { - snprintf (Command,sizeof (Command), - "mkdir %s/%s/%02u", - PATH_SWAD_PRIVATE,FOLDER_PHOTO,i); - ExecuteCommand (Command); - } - - if (mysql_init (&mysql) == NULL) - { - fprintf (stderr,"Can not init MySQL."); - return 1; - } - if (!mysql_real_connect (&mysql,DATABASE_HOST,DATABASE_USER,DATABASE_PASSWORD,DATABASE_DBNAME,0,NULL,0)) - { - fprintf (stderr,"Can not connect to database"); - return 2; - } - if (mysql_query (&mysql,Query)) - { - fprintf (stderr,"%s",mysql_error (&mysql)); - return 3; - } - if ((mysql_res = mysql_store_result (&mysql)) == NULL) - { - fprintf (stderr,"%s",mysql_error (&mysql)); - return 4; - } - if ((NumRows = (unsigned) mysql_num_rows (mysql_res))) - { - for (i=0; i -#include -#include -#include -#include -#include - -#define DATABASE_HOST "swad.ugr.es" -#define DATABASE_USER "swad" -#define DATABASE_PASSWORD "********" -#define DATABASE_DBNAME "swad" -#define PATH_SWAD_PRIVATE "/var/www/swad" -#define FOLDER_CRS "crs" -#define FOLDER_USR "usr" -#define WEB_USER "apache" - -void ExecuteCommand (const char *Command) - { - printf ("%s\n",Command); - - if (system (Command) < 0) - { - fprintf (stderr,"Error when executing command: %s\n",Command); - exit (1); - } - - } - -int CheckIfPathExists (const char *Path) - { - return access (Path,F_OK) ? 0 : - 1; - } - -int main (void) - { - char Query[512]; - MYSQL mysql; - MYSQL_RES *mysql_res_crs; - MYSQL_RES *mysql_res_usr; - MYSQL_ROW row; - unsigned NumCrss; - unsigned NumCrs; - unsigned NumUsrs; - unsigned NumUsr; - long CrsCod; - long UsrCod; - char UsrID[ID_MAX_BYTES_USR_ID + 1]; - char OldPathUsrs[PATH_MAX + 1]; - char OldPathUsr[PATH_MAX + 1]; - char Path02u[PATH_MAX + 1]; - char Command[1024 + PATH_MAX * 2]; - - if (mysql_init (&mysql) == NULL) - { - fprintf (stderr,"Can not init MySQL."); - return 1; - } - if (!mysql_real_connect (&mysql,DATABASE_HOST,DATABASE_USER,DATABASE_PASSWORD,DATABASE_DBNAME,0,NULL,0)) - { - fprintf (stderr,"Can not connect to database"); - return 2; - } - - sprintf (Query,"SELECT CrsCod FROM courses ORDER BY CrsCod"); - if (mysql_query (&mysql,Query)) - { - fprintf (stderr,"%s",mysql_error (&mysql)); - return 3; - } - if ((mysql_res_crs = mysql_store_result (&mysql)) == NULL) - { - fprintf (stderr,"%s",mysql_error (&mysql)); - return 4; - } - if ((NumCrss = (unsigned) mysql_num_rows (mysql_res_crs))) - { - for (NumCrs = 0; - NumCrs < NumCrss; - NumCrs++) - { - row = mysql_fetch_row (mysql_res_crs); - if (row[0]) - if (row[0][0]) - if (sscanf (row[0],"%ld",&CrsCod) == 1) // CrsCod - { - snprintf (OldPathUsrs,sizeof (OldPathUsrs), - "%s/%s/%ld/%s", - PATH_SWAD_PRIVATE,FOLDER_CRS,CrsCod,FOLDER_USR); - if (CheckIfPathExists (OldPathUsrs)) - { - snprintf (Command,sizeof (Command), - "mv %s %s_backup", - OldPathUsrs,OldPathUsrs); - ExecuteCommand (Command); - - snprintf (Command,sizeof (Command), - "mkdir %s", - OldPathUsrs); - ExecuteCommand (Command); - - sprintf (Query,"SELECT usr_IDs.UsrCod,usr_IDs.UsrID" - " FROM crs_usr,usr_IDs" - " WHERE crs_usr.CrsCod=%ld" - " AND crs_usr.UsrCod=usr_IDs.UsrCod" - " ORDER BY usr_IDs.UsrCod", - CrsCod); - - if (mysql_query (&mysql,Query)) - { - fprintf (stderr,"%s",mysql_error (&mysql)); - return 3; - } - if ((mysql_res_usr = mysql_store_result (&mysql)) == NULL) - { - fprintf (stderr,"%s",mysql_error (&mysql)); - return 4; - } - if ((NumUsrs = (unsigned) mysql_num_rows (mysql_res_usr))) - { - for (NumUsr=0; NumUsr any role + if (Role == Rol_UNK) // Role == Rol_UNK ==> any role + { + if (asprintf (&SubQuery,"%s","") < 0) + Lay_NotEnoughMemoryExit (); + } else - sprintf (SubQuery," AND crs_usr.Role=%u",(unsigned) Role); + { + if (asprintf (&SubQuery," AND crs_usr.Role=%u",(unsigned) Role) < 0) + Lay_NotEnoughMemoryExit (); + } DB_BuildQuery ("SELECT degrees.DegCod,courses.CrsCod,degrees.ShortName,degrees.FullName," "courses.Year,courses.FullName,centres.ShortName,crs_usr.Accepted" " FROM crs_usr,courses,degrees,centres" @@ -3048,9 +3054,13 @@ void Crs_GetAndWriteCrssOfAUsr (const struct UsrData *UsrDat,Rol_Role_t Role) " AND degrees.CtrCod=centres.CtrCod" " ORDER BY degrees.FullName,courses.Year,courses.FullName", UsrDat->UsrCod,SubQuery); + NumCrss = (unsigned) DB_QuerySELECT_new (&mysql_res,"can not get courses of a user"); + + /***** Free allocated memory for subquery *****/ + free ((void *) SubQuery); /***** List the courses (one row per course) *****/ - if ((NumCrss = (unsigned) DB_QuerySELECT_new (&mysql_res,"can not get courses of a user"))) + if (NumCrss) { /* Start box and table */ Box_StartBoxTable ("100%",NULL,NULL,