Version 18.9.2

2018-10-29 11:31:05 +01:00 · 2018-10-29 11:31:05 +01:00 · 3b96d5abfa
parent 8a4e127382
commit 3b96d5abfa
10 changed files with 163 additions and 248 deletions
--- a/swad_changelog.h
+++ b/swad_changelog.h
@ -359,6 +359,7 @@ ps2pdf source.ps destination.pdf
 #define CSS_FILE		"swad18.4.css"
 #define JS_FILE			"swad17.17.1.js"
 /*
+	Version 18.9.2:   Oct 29, 2018  Some sprintf for database queries changed by internal function. (235988 lines)
 	Version 18.9.1:   Oct 29, 2018  Some sprintf for database queries changed by internal function. (236049 lines)
 	Version 18.9:     Oct 28, 2018  Some sprintf for database queries changed by internal function. (236082 lines)
 	Version 18.8.18:  Oct 28, 2018  Some asprintf for database queries changed by internal function. (236105 lines)
--- a/swad_database.c
+++ b/swad_database.c
@ -3300,16 +3300,6 @@ void DB_QueryUPDATE_new (const char *MsgError)
   //return (unsigned long) mysql_affected_rows (&Gbl.mysql);
  }

-void DB_QueryUPDATE (const char *Query,const char *MsgError)
-  {
-   /***** Query database *****/
-   if (mysql_query (&Gbl.mysql,Query))
-      DB_ExitOnMySQLError (MsgError);
-
-   /***** Return number of rows updated *****/
-   //return (unsigned long) mysql_affected_rows (&Gbl.mysql);
-  }
-
 /*****************************************************************************/
 /******************** Make a DELETE query from database **********************/
 /*****************************************************************************/
@ -3331,13 +3321,6 @@ void DB_QueryDELETE_new (const char *MsgError)
      DB_ExitOnMySQLError (MsgError);
  }

-void DB_QueryDELETE (const char *Query,const char *MsgError)
-  {
-   /***** Query database *****/
-   if (mysql_query (&Gbl.mysql,Query))
-      DB_ExitOnMySQLError (MsgError);
-  }
-
 /*****************************************************************************/
 /**************** Make other kind of query from database *********************/
 /*****************************************************************************/
--- a/swad_database.h
+++ b/swad_database.h
@ -55,12 +55,11 @@ void DB_QueryREPLACE_new (const char *MsgError);
 void DB_QueryREPLACE (const char *Query,const char *MsgError);

 void DB_QueryUPDATE_new (const char *MsgError);
-void DB_QueryUPDATE (const char *Query,const char *MsgError);

 void DB_QueryDELETE_new (const char *MsgError);
-void DB_QueryDELETE (const char *Query,const char *MsgError);

 void DB_Query_new (const char *MsgError);
+
 void DB_FreeMySQLResult (MYSQL_RES **mysql_res);
 void DB_ExitOnMySQLError (const char *Message);

--- a/swad_search.c
+++ b/swad_search.c
@ -1289,29 +1289,25 @@ bool Sch_BuildSearchQuery (char SearchQuery[Sch_MAX_BYTES_SEARCH_QUERY + 1],

 static void Sch_SaveLastSearchIntoSession (void)
  {
-   char Query[256 +
-              Sch_MAX_BYTES_STRING_TO_FIND +
-              Cns_BYTES_SESSION_ID];
-
   if (Gbl.Usrs.Me.Logged)
     {
      if (Gbl.Search.WhatToSearch == Sch_SEARCH_UNKNOWN)
 	 Gbl.Search.WhatToSearch = Sch_WHAT_TO_SEARCH_DEFAULT;

      /***** Save last search in session *****/
-      sprintf (Query,"UPDATE sessions SET WhatToSearch=%u,SearchStr='%s'"
+      DB_BuildQuery ("UPDATE sessions SET WhatToSearch=%u,SearchStr='%s'"
 		     " WHERE SessionId='%s'",
-	       (unsigned) Gbl.Search.WhatToSearch,
-	       Gbl.Search.Str,
-	       Gbl.Session.Id);
-      DB_QueryUPDATE (Query,"can not update last search in session");
+		     (unsigned) Gbl.Search.WhatToSearch,
+		     Gbl.Search.Str,
+		     Gbl.Session.Id);
+      DB_QueryUPDATE_new ("can not update last search in session");

      /***** Update my last type of search *****/
      // WhatToSearch is stored in usr_last for next time I log in
      // In other existing sessions distinct to this, WhatToSearch will remain unchanged
-      sprintf (Query,"UPDATE usr_last SET WhatToSearch=%u WHERE UsrCod=%ld",
-	       (unsigned) Gbl.Search.WhatToSearch,
-	       Gbl.Usrs.Me.UsrDat.UsrCod);
-      DB_QueryUPDATE (Query,"can not update type of search in user's last data");
+      DB_BuildQuery ("UPDATE usr_last SET WhatToSearch=%u WHERE UsrCod=%ld",
+		     (unsigned) Gbl.Search.WhatToSearch,
+		     Gbl.Usrs.Me.UsrDat.UsrCod);
+      DB_QueryUPDATE_new ("can not update type of search in user's last data");
     }
  }
--- a/swad_session.c
+++ b/swad_session.c
@ -189,25 +189,21 @@ void Ses_InsertSessionInDB (void)

 void Ses_UpdateSessionDataInDB (void)
  {
-   char Query[1024 +
-              Pwd_BYTES_ENCRYPTED_PASSWORD +
-              Cns_BYTES_SESSION_ID];
-
   /***** Update session in database *****/
-   sprintf (Query,"UPDATE sessions SET UsrCod=%ld,Password='%s',Role=%u,"
+   DB_BuildQuery ("UPDATE sessions SET UsrCod=%ld,Password='%s',Role=%u,"
                  "CtyCod=%ld,InsCod=%ld,CtrCod=%ld,DegCod=%ld,CrsCod=%ld,"
                  "LastTime=NOW(),LastRefresh=NOW()"
                  " WHERE SessionId='%s'",
-            Gbl.Usrs.Me.UsrDat.UsrCod,
-            Gbl.Usrs.Me.UsrDat.Password,
-            (unsigned) Gbl.Usrs.Me.Role.Logged,
-            Gbl.CurrentCty.Cty.CtyCod,
-            Gbl.CurrentIns.Ins.InsCod,
-            Gbl.CurrentCtr.Ctr.CtrCod,
-            Gbl.CurrentDeg.Deg.DegCod,
-            Gbl.CurrentCrs.Crs.CrsCod,
-            Gbl.Session.Id);
-   DB_QueryUPDATE (Query,"can not update session");
+		  Gbl.Usrs.Me.UsrDat.UsrCod,
+		  Gbl.Usrs.Me.UsrDat.Password,
+		  (unsigned) Gbl.Usrs.Me.Role.Logged,
+		  Gbl.CurrentCty.Cty.CtyCod,
+		  Gbl.CurrentIns.Ins.InsCod,
+		  Gbl.CurrentCtr.Ctr.CtrCod,
+		  Gbl.CurrentDeg.Deg.DegCod,
+		  Gbl.CurrentCrs.Crs.CrsCod,
+		  Gbl.Session.Id);
+   DB_QueryUPDATE_new ("can not update session");
  }

 /*****************************************************************************/
@ -216,12 +212,10 @@ void Ses_UpdateSessionDataInDB (void)

 void Ses_UpdateSessionLastRefreshInDB (void)
  {
-   char Query[128 + Cns_BYTES_SESSION_ID];
-
   /***** Update session in database *****/
-   sprintf (Query,"UPDATE sessions SET LastRefresh=NOW() WHERE SessionId='%s'",
-	    Gbl.Session.Id);
-   DB_QueryUPDATE (Query,"can not update session");
+   DB_BuildQuery ("UPDATE sessions SET LastRefresh=NOW() WHERE SessionId='%s'",
+		  Gbl.Session.Id);
+   DB_QueryUPDATE_new ("can not update session");
  }

 /*****************************************************************************/
--- a/swad_social.c
+++ b/swad_social.c
@ -838,14 +838,12 @@ static long Soc_GetPubCodFromSession (const char *FieldName)

 static void Soc_UpdateLastPubCodIntoSession (void)
  {
-   char Query[256 + Cns_BYTES_SESSION_ID];
-
   /***** Update last publishing code *****/
-   sprintf (Query,"UPDATE sessions"
+   DB_BuildQuery ("UPDATE sessions"
 	          " SET LastPubCod=(SELECT IFNULL(MAX(PubCod),0) FROM social_pubs)"
 	          " WHERE SessionId='%s'",
-	    Gbl.Session.Id);
-   DB_QueryUPDATE (Query,"can not update last publishing code into session");
+		  Gbl.Session.Id);
+   DB_QueryUPDATE_new ("can not update last publishing code into session");
  }

 /*****************************************************************************/
@ -854,12 +852,10 @@ static void Soc_UpdateLastPubCodIntoSession (void)

 static void Soc_UpdateFirstPubCodIntoSession (long FirstPubCod)
  {
-   char Query[128 + Cns_BYTES_SESSION_ID];
-
   /***** Update last publishing code *****/
-   sprintf (Query,"UPDATE sessions SET FirstPubCod=%ld WHERE SessionId='%s'",
-	    FirstPubCod,Gbl.Session.Id);
-   DB_QueryUPDATE (Query,"can not update first publishing code into session");
+   DB_BuildQuery ("UPDATE sessions SET FirstPubCod=%ld WHERE SessionId='%s'",
+		  FirstPubCod,Gbl.Session.Id);
+   DB_QueryUPDATE_new ("can not update first publishing code into session");
  }

 /*****************************************************************************/
@ -1968,24 +1964,20 @@ void Soc_StoreAndPublishSocialNote (Soc_NoteType_t NoteType,long Cod,struct Soci

 void Soc_MarkSocialNoteAsUnavailableUsingNotCod (long NotCod)
  {
-   char Query[256];
-
   /***** Mark the social note as unavailable *****/
-   sprintf (Query,"UPDATE social_notes SET Unavailable='Y'"
+   DB_BuildQuery ("UPDATE social_notes SET Unavailable='Y'"
 		  " WHERE NotCod=%ld",
-	    NotCod);
-   DB_QueryUPDATE (Query,"can not mark social note as unavailable");
+		  NotCod);
+   DB_QueryUPDATE_new ("can not mark social note as unavailable");
  }

 void Soc_MarkSocialNoteAsUnavailableUsingNoteTypeAndCod (Soc_NoteType_t NoteType,long Cod)
  {
-   char Query[256];
-
   /***** Mark the social note as unavailable *****/
-   sprintf (Query,"UPDATE social_notes SET Unavailable='Y'"
+   DB_BuildQuery ("UPDATE social_notes SET Unavailable='Y'"
 		  " WHERE NoteType=%u AND Cod=%ld",
-	    (unsigned) NoteType,Cod);
-   DB_QueryUPDATE (Query,"can not mark social note as unavailable");
+		  (unsigned) NoteType,Cod);
+   DB_QueryUPDATE_new ("can not mark social note as unavailable");
  }

 /*****************************************************************************/
@ -2060,7 +2052,6 @@ void Soc_MarkSocialNotesChildrenOfFolderAsUnavailable (const char *Path)
   extern const Brw_FileBrowser_t Brw_FileBrowserForDB_files[Brw_NUM_TYPES_FILE_BROWSER];
   Brw_FileBrowser_t FileBrowser = Brw_FileBrowserForDB_files[Gbl.FileBrowser.Type];
   long Cod = Brw_GetCodForFiles ();
-   char Query[512];
   Soc_NoteType_t NoteType;

   switch (FileBrowser)
@ -2103,15 +2094,15 @@ void Soc_MarkSocialNotesChildrenOfFolderAsUnavailable (const char *Path)
 	    default:
 	       return;
 	   }
-         sprintf (Query,"UPDATE social_notes SET Unavailable='Y'"
+         DB_BuildQuery ("UPDATE social_notes SET Unavailable='Y'"
 		        " WHERE NoteType=%u AND Cod IN"
 	                " (SELECT FilCod FROM files"
 			" WHERE FileBrowser=%u AND Cod=%ld"
 			" AND Path LIKE '%s/%%' AND Public='Y')",	// Only public files
-	          (unsigned) NoteType,
-	          (unsigned) FileBrowser,Cod,
-	          Path);
-         DB_QueryUPDATE (Query,"can not mark social notes as unavailable");
+			(unsigned) NoteType,
+			(unsigned) FileBrowser,Cod,
+			Path);
+         DB_QueryUPDATE_new ("can not mark social notes as unavailable");
         break;
      default:
 	 break;
--- a/swad_survey.c
+++ b/swad_survey.c
@ -1686,7 +1686,6 @@ void Svy_ResetSurvey (void)
 void Svy_HideSurvey (void)
  {
   extern const char *Txt_Survey_X_is_now_hidden;
-   char Query[128];
   struct Survey Svy;
   struct SurveyQuestion SvyQst;

@ -1703,9 +1702,8 @@ void Svy_HideSurvey (void)
      Lay_ShowErrorAndExit ("You can not hide this survey.");

   /***** Hide survey *****/
-   sprintf (Query,"UPDATE surveys SET Hidden='Y' WHERE SvyCod=%ld",
-            Svy.SvyCod);
-   DB_QueryUPDATE (Query,"can not hide survey");
+   DB_BuildQuery ("UPDATE surveys SET Hidden='Y' WHERE SvyCod=%ld",Svy.SvyCod);
+   DB_QueryUPDATE_new ("can not hide survey");

   /***** Write message to show the change made *****/
   snprintf (Gbl.Alert.Txt,sizeof (Gbl.Alert.Txt),
@ -1724,7 +1722,6 @@ void Svy_HideSurvey (void)
 void Svy_UnhideSurvey (void)
  {
   extern const char *Txt_Survey_X_is_now_visible;
-   char Query[128];
   struct Survey Svy;
   struct SurveyQuestion SvyQst;

@ -1741,9 +1738,8 @@ void Svy_UnhideSurvey (void)
      Lay_ShowErrorAndExit ("You can not unhide this survey.");

   /***** Show survey *****/
-   sprintf (Query,"UPDATE surveys SET Hidden='N' WHERE SvyCod=%ld",
-            Svy.SvyCod);
-   DB_QueryUPDATE (Query,"can not show survey");
+   DB_BuildQuery ("UPDATE surveys SET Hidden='N' WHERE SvyCod=%ld",Svy.SvyCod);
+   DB_QueryUPDATE_new ("can not show survey");

   /***** Write message to show the change made *****/
   snprintf (Gbl.Alert.Txt,sizeof (Gbl.Alert.Txt),
@ -2244,13 +2240,11 @@ void Svy_RecFormSurvey (void)
 static void Svy_UpdateNumUsrsNotifiedByEMailAboutSurvey (long SvyCod,
                                                         unsigned NumUsrsToBeNotifiedByEMail)
  {
-   char Query[256];
-
   /***** Update number of users notified *****/
-   sprintf (Query,"UPDATE surveys SET NumNotif=NumNotif+%u"
+   DB_BuildQuery ("UPDATE surveys SET NumNotif=NumNotif+%u"
                  " WHERE SvyCod=%ld",
-            NumUsrsToBeNotifiedByEMail,SvyCod);
-   DB_QueryUPDATE (Query,"can not update the number of notifications of a survey");
+		  NumUsrsToBeNotifiedByEMail,SvyCod);
+   DB_QueryUPDATE_new ("can not update the number of notifications of a survey");
  }

 /*****************************************************************************/
@ -2300,25 +2294,22 @@ static void Svy_UpdateSurvey (struct Survey *Svy,const char *Txt)
  {
   extern const char *Sco_ScopeDB[Sco_NUM_SCOPES];
   extern const char *Txt_The_survey_has_been_modified;
-   char Query[1024 +
-              Svy_MAX_BYTES_SURVEY_TITLE +
-              Cns_MAX_BYTES_TEXT];

   /***** Update the data of the survey *****/
-   sprintf (Query,"UPDATE surveys"
+   DB_BuildQuery ("UPDATE surveys"
 	          " SET Scope='%s',Cod=%ld,Roles=%u,"
 	          "StartTime=FROM_UNIXTIME(%ld),"
 	          "EndTime=FROM_UNIXTIME(%ld),"
 	          "Title='%s',Txt='%s'"
                  " WHERE SvyCod=%ld",
-            Sco_ScopeDB[Svy->Scope],Svy->Cod,
-            Svy->Roles,
-            Svy->TimeUTC[Svy_START_TIME],
-            Svy->TimeUTC[Svy_END_TIME  ],
-            Svy->Title,
-            Txt,
-            Svy->SvyCod);
-   DB_QueryUPDATE (Query,"can not update survey");
+		  Sco_ScopeDB[Svy->Scope],Svy->Cod,
+		  Svy->Roles,
+		  Svy->TimeUTC[Svy_START_TIME],
+		  Svy->TimeUTC[Svy_END_TIME  ],
+		  Svy->Title,
+		  Txt,
+		  Svy->SvyCod);
+   DB_QueryUPDATE_new ("can not update survey");

   /***** Update groups *****/
   /* Remove old groups */
@ -3755,13 +3746,11 @@ static void Svy_ReceiveAndStoreUserAnswersToASurvey (long SvyCod)

 static void Svy_IncreaseAnswerInDB (long QstCod,unsigned AnsInd)
  {
-   char Query[256];
-
   /***** Increase number of users who have selected the answer AnsInd in the question QstCod *****/
-   sprintf (Query,"UPDATE svy_answers SET NumUsrs=NumUsrs+1"
+   DB_BuildQuery ("UPDATE svy_answers SET NumUsrs=NumUsrs+1"
                  " WHERE QstCod=%ld AND AnsInd=%u",
-            QstCod,AnsInd);
-   DB_QueryUPDATE (Query,"can not register your answer to the survey");
+		  QstCod,AnsInd);
+   DB_QueryUPDATE_new ("can not register your answer to the survey");
  }

 /*****************************************************************************/
--- a/swad_test.c
+++ b/swad_test.c
@ -1237,23 +1237,21 @@ void Tst_WriteQstFeedback (const char *Feedback,const char *ClassFeedback)

 static void Tst_UpdateScoreQst (long QstCod,float ScoreThisQst,bool AnswerIsNotBlank)
  {
-   char Query[512];
-
   /***** Update number of clicks and score of the question *****/
   Str_SetDecimalPointToUS ();	// To print the floating point as a dot
   if (AnswerIsNotBlank)
-      sprintf (Query,"UPDATE tst_questions"
+      DB_BuildQuery ("UPDATE tst_questions"
 	             " SET NumHits=NumHits+1,NumHitsNotBlank=NumHitsNotBlank+1,"
 	             "Score=Score+(%lf)"
                     " WHERE QstCod=%ld",
-               ScoreThisQst,QstCod);
+		     ScoreThisQst,QstCod);
   else	// The answer is blank
-      sprintf (Query,"UPDATE tst_questions"
+      DB_BuildQuery ("UPDATE tst_questions"
 	             " SET NumHits=NumHits+1"
                     " WHERE QstCod=%ld",
-               QstCod);
+		     QstCod);
   Str_SetDecimalPointToLocal ();	// Return to local system
-   DB_QueryUPDATE (Query,"can not update the score of a question");
+   DB_QueryUPDATE_new ("can not update the score of a question");
  }

 /*****************************************************************************/
@ -1262,14 +1260,12 @@ static void Tst_UpdateScoreQst (long QstCod,float ScoreThisQst,bool AnswerIsNotB

 static void Tst_UpdateMyNumAccessTst (unsigned NumAccessesTst)
  {
-   char Query[256];
-
   /***** Update my number of accesses to test in this course *****/
-   sprintf (Query,"UPDATE crs_usr SET NumAccTst=%u"
+   DB_BuildQuery ("UPDATE crs_usr SET NumAccTst=%u"
                  " WHERE CrsCod=%ld AND UsrCod=%ld",
-	    NumAccessesTst,
-	    Gbl.CurrentCrs.Crs.CrsCod,Gbl.Usrs.Me.UsrDat.UsrCod);
-   DB_QueryUPDATE (Query,"can not update the number of accesses to test");
+		  NumAccessesTst,
+		  Gbl.CurrentCrs.Crs.CrsCod,Gbl.Usrs.Me.UsrDat.UsrCod);
+   DB_QueryUPDATE_new ("can not update the number of accesses to test");
  }

 /*****************************************************************************/
@ -1278,15 +1274,13 @@ static void Tst_UpdateMyNumAccessTst (unsigned NumAccessesTst)

 static void Tst_UpdateLastAccTst (void)
  {
-   char Query[256];
-
   /***** Update date-time and number of questions of this test *****/
-   sprintf (Query,"UPDATE crs_usr SET LastAccTst=NOW(),NumQstsLastTst=%u"
+   DB_BuildQuery ("UPDATE crs_usr SET LastAccTst=NOW(),NumQstsLastTst=%u"
                  " WHERE CrsCod=%ld AND UsrCod=%ld",
-            Gbl.Test.NumQsts,
-	    Gbl.CurrentCrs.Crs.CrsCod,
-	    Gbl.Usrs.Me.UsrDat.UsrCod);
-   DB_QueryUPDATE (Query,"can not update time and number of questions of this test");
+		  Gbl.Test.NumQsts,
+		  Gbl.CurrentCrs.Crs.CrsCod,
+		  Gbl.Usrs.Me.UsrDat.UsrCod);
+   DB_QueryUPDATE_new ("can not update time and number of questions of this test");
  }

 /*****************************************************************************/
@ -6318,15 +6312,13 @@ static long Tst_CreateNewTag (long CrsCod,const char *TagTxt)

 static void Tst_EnableOrDisableTag (long TagCod,bool TagHidden)
  {
-   char Query[512];
-
   /***** Insert new tag into tst_tags table *****/
-   sprintf (Query,"UPDATE tst_tags SET TagHidden='%c',ChangeTime=NOW()"
+   DB_BuildQuery ("UPDATE tst_tags SET TagHidden='%c',ChangeTime=NOW()"
                  " WHERE TagCod=%ld AND CrsCod=%ld",
-            TagHidden ? 'Y' :
-        	        'N',
-            TagCod,Gbl.CurrentCrs.Crs.CrsCod);
-   DB_QueryUPDATE (Query,"can not update the visibility of a tag");
+		  TagHidden ? 'Y' :
+			      'N',
+		  TagCod,Gbl.CurrentCrs.Crs.CrsCod);
+   DB_QueryUPDATE_new ("can not update the visibility of a tag");
  }

 /*****************************************************************************/
@ -6462,7 +6454,6 @@ void Tst_ChangeShuffleQst (void)
  {
   extern const char *Txt_The_answers_of_the_question_with_code_X_will_appear_shuffled;
   extern const char *Txt_The_answers_of_the_question_with_code_X_will_appear_without_shuffling;
-   char Query[256];
   bool EditingOnlyThisQst;
   bool Shuffle;

@ -6479,12 +6470,12 @@ void Tst_ChangeShuffleQst (void)

   /***** Remove the question from all the tables *****/
   /* Update the question changing the current shuffle */
-   sprintf (Query,"UPDATE tst_questions SET Shuffle='%c'"
+   DB_BuildQuery ("UPDATE tst_questions SET Shuffle='%c'"
                  " WHERE QstCod=%ld AND CrsCod=%ld",
-            Shuffle ? 'Y' :
-        	      'N',
-            Gbl.Test.QstCod,Gbl.CurrentCrs.Crs.CrsCod);
-   DB_QueryUPDATE (Query,"can not update the shuffle type of a question");
+		  Shuffle ? 'Y' :
+			    'N',
+		  Gbl.Test.QstCod,Gbl.CurrentCrs.Crs.CrsCod);
+   DB_QueryUPDATE_new ("can not update the shuffle type of a question");

   /***** Write message *****/
   snprintf (Gbl.Alert.Txt,sizeof (Gbl.Alert.Txt),
@ -6544,21 +6535,10 @@ void Tst_InsertOrUpdateQstTagsAnsIntoDB (void)

 static void Tst_InsertOrUpdateQstIntoDB (void)
  {
-   char *Query;
-
-   /***** Allocate space for query *****/
-   if ((Query = (char *) malloc (512 +
-                                 Gbl.Test.Stem.Length +
-                                 Gbl.Test.Feedback.Length +
-                                 Img_BYTES_NAME +
-                                 Img_MAX_BYTES_TITLE +
-                                 Cns_MAX_BYTES_WWW)) == NULL)
-      Lay_NotEnoughMemoryExit ();
-
   if (Gbl.Test.QstCod < 0)	// It's a new question
     {
      /***** Insert question in the table of questions *****/
-      sprintf (Query,"INSERT INTO tst_questions"
+      DB_BuildQuery ("INSERT INTO tst_questions"
 	             " (CrsCod,EditTime,AnsType,Shuffle,"
 	             "Stem,Feedback,ImageName,ImageTitle,ImageURL,"
 	             "NumHits,Score)"
@ -6566,16 +6546,16 @@ static void Tst_InsertOrUpdateQstIntoDB (void)
                     " (%ld,NOW(),'%s','%c',"
                     "'%s','%s','%s','%s','%s',"
                     "0,0)",
-               Gbl.CurrentCrs.Crs.CrsCod,
-               Tst_StrAnswerTypesDB[Gbl.Test.AnswerType],
-               Gbl.Test.Shuffle ? 'Y' :
-        	                  'N',
-               Gbl.Test.Stem.Text,
-               Gbl.Test.Feedback.Text ? Gbl.Test.Feedback.Text : "",
-               Gbl.Test.Image.Name,
-               Gbl.Test.Image.Title ? Gbl.Test.Image.Title : "",
-               Gbl.Test.Image.URL   ? Gbl.Test.Image.URL   : "");
-      Gbl.Test.QstCod = DB_QueryINSERTandReturnCode (Query,"can not create question");
+		     Gbl.CurrentCrs.Crs.CrsCod,
+		     Tst_StrAnswerTypesDB[Gbl.Test.AnswerType],
+		     Gbl.Test.Shuffle ? 'Y' :
+					'N',
+		     Gbl.Test.Stem.Text,
+		     Gbl.Test.Feedback.Text ? Gbl.Test.Feedback.Text : "",
+		     Gbl.Test.Image.Name,
+		     Gbl.Test.Image.Title ? Gbl.Test.Image.Title : "",
+		     Gbl.Test.Image.URL   ? Gbl.Test.Image.URL   : "");
+      Gbl.Test.QstCod = DB_QueryINSERTandReturnCode_new ("can not create question");

      /* Update image status */
      if (Gbl.Test.Image.Name[0])
@ -6585,21 +6565,21 @@ static void Tst_InsertOrUpdateQstIntoDB (void)
     {
      /***** Update existing question *****/
      /* Update question in database */
-      sprintf (Query,"UPDATE tst_questions"
+      DB_BuildQuery ("UPDATE tst_questions"
 		     " SET EditTime=NOW(),AnsType='%s',Shuffle='%c',"
 		     "Stem='%s',Feedback='%s',"
 		     "ImageName='%s',ImageTitle='%s',ImageURL='%s'"
 		     " WHERE QstCod=%ld AND CrsCod=%ld",
-	       Tst_StrAnswerTypesDB[Gbl.Test.AnswerType],
-	       Gbl.Test.Shuffle ? 'Y' :
-				  'N',
-	       Gbl.Test.Stem.Text,
-	       Gbl.Test.Feedback.Text ? Gbl.Test.Feedback.Text : "",
-	       Gbl.Test.Image.Name,
-	       Gbl.Test.Image.Title ? Gbl.Test.Image.Title : "",
-	       Gbl.Test.Image.URL   ? Gbl.Test.Image.URL   : "",
-	       Gbl.Test.QstCod,Gbl.CurrentCrs.Crs.CrsCod);
-      DB_QueryUPDATE (Query,"can not update question");
+		     Tst_StrAnswerTypesDB[Gbl.Test.AnswerType],
+		     Gbl.Test.Shuffle ? 'Y' :
+					'N',
+		     Gbl.Test.Stem.Text,
+		     Gbl.Test.Feedback.Text ? Gbl.Test.Feedback.Text : "",
+		     Gbl.Test.Image.Name,
+		     Gbl.Test.Image.Title ? Gbl.Test.Image.Title : "",
+		     Gbl.Test.Image.URL   ? Gbl.Test.Image.URL   : "",
+		     Gbl.Test.QstCod,Gbl.CurrentCrs.Crs.CrsCod);
+      DB_QueryUPDATE_new ("can not update question");

      /* Update image status */
      if (Gbl.Test.Image.Name[0])
@ -6609,9 +6589,6 @@ static void Tst_InsertOrUpdateQstIntoDB (void)
      Tst_RemAnsFromQst ();
      Tst_RemTagsFromQst ();
     }
-
-   /***** Free space used for query *****/
-   free ((void *) Query);
  }

 /*****************************************************************************/
@ -7584,17 +7561,15 @@ static long Tst_CreateTestResultInDB (void)
 static void Tst_StoreScoreOfTestResultInDB (long TstCod,
                                          unsigned NumQstsNotBlank,double Score)
  {
-   char Query[256];
-
   /***** Update score in test result *****/
   Str_SetDecimalPointToUS ();	// To print the floating point as a dot
-   sprintf (Query,"UPDATE tst_exams"
+   DB_BuildQuery ("UPDATE tst_exams"
 	          " SET NumQstsNotBlank=%u,Score='%lf'"
 	          " WHERE TstCod=%ld",
-            NumQstsNotBlank,Score,
-            TstCod);
+		  NumQstsNotBlank,Score,
+		  TstCod);
   Str_SetDecimalPointToLocal ();	// Return to local system
-   DB_QueryUPDATE (Query,"can not update result of test result");
+   DB_QueryUPDATE_new ("can not update result of test result");
  }

 /*****************************************************************************/
--- a/swad_user.c
+++ b/swad_user.c
@ -3356,21 +3356,19 @@ bool Usr_ChkUsrCodAndGetAllUsrDataFromUsrCod (struct UsrData *UsrDat)

 void Usr_UpdateMyLastData (void)
  {
-   char Query[256];
-
   /***** Check if it exists an entry for me *****/
-   sprintf (Query,"SELECT COUNT(*) FROM usr_last WHERE UsrCod=%ld",
-            Gbl.Usrs.Me.UsrDat.UsrCod);
-   if (DB_QueryCOUNT (Query,"can not get last user's click"))
+   DB_BuildQuery ("SELECT COUNT(*) FROM usr_last WHERE UsrCod=%ld",
+		  Gbl.Usrs.Me.UsrDat.UsrCod);
+   if (DB_QueryCOUNT_new ("can not get last user's click"))
     {
      /***** Update my last accessed course, tab and time of click in database *****/
      // WhatToSearch, LastAccNotif remain unchanged
-      sprintf (Query,"UPDATE usr_last SET LastCrs=%ld,LastTab=%u,LastTime=NOW()"
+      DB_BuildQuery ("UPDATE usr_last SET LastCrs=%ld,LastTab=%u,LastTime=NOW()"
                     " WHERE UsrCod=%ld",
-               Gbl.CurrentCrs.Crs.CrsCod,
-               (unsigned) Gbl.Action.Tab,
-               Gbl.Usrs.Me.UsrDat.UsrCod);
-      DB_QueryUPDATE (Query,"can not update last user's data");
+		     Gbl.CurrentCrs.Crs.CrsCod,
+		     (unsigned) Gbl.Action.Tab,
+		     Gbl.Usrs.Me.UsrDat.UsrCod);
+      DB_QueryUPDATE_new ("can not update last user's data");
     }
   else
      Usr_InsertMyLastData ();
@ -7182,14 +7180,12 @@ static void Usr_GetMyUsrListTypeFromDB (void)

 static void Usr_UpdateMyUsrListTypeInDB (void)
  {
-   char Query[256];
-
   /***** Update type of users listing *****/
-   sprintf (Query,"UPDATE crs_usr SET UsrListType='%s'"
+   DB_BuildQuery ("UPDATE crs_usr SET UsrListType='%s'"
                  " WHERE CrsCod=%ld AND UsrCod=%ld",
-            Usr_StringsUsrListTypeInDB[Gbl.Usrs.Me.ListType],
-            Gbl.CurrentCrs.Crs.CrsCod,Gbl.Usrs.Me.UsrDat.UsrCod);
-   DB_QueryUPDATE (Query,"can not update type of listing");
+		  Usr_StringsUsrListTypeInDB[Gbl.Usrs.Me.ListType],
+		  Gbl.CurrentCrs.Crs.CrsCod,Gbl.Usrs.Me.UsrDat.UsrCod);
+   DB_QueryUPDATE_new ("can not update type of listing");
  }

 /*****************************************************************************/
@ -7278,16 +7274,14 @@ static void Usr_GetMyColsClassPhotoFromDB (void)

 static void Usr_UpdateMyColsClassPhotoInDB (void)
  {
-   char Query[256];
-
   if (Gbl.Usrs.Me.Logged && Gbl.CurrentCrs.Crs.CrsCod > 0)
     {
      /***** Update number of colums in class photo for current course *****/
-      sprintf (Query,"UPDATE crs_usr SET ColsClassPhoto=%u"
+      DB_BuildQuery ("UPDATE crs_usr SET ColsClassPhoto=%u"
                     " WHERE CrsCod=%ld AND UsrCod=%ld",
-               Gbl.Usrs.ClassPhoto.Cols,
-               Gbl.CurrentCrs.Crs.CrsCod,Gbl.Usrs.Me.UsrDat.UsrCod);
-      DB_QueryUPDATE (Query,"can not update number of columns in class photo");
+		     Gbl.Usrs.ClassPhoto.Cols,
+		     Gbl.CurrentCrs.Crs.CrsCod,Gbl.Usrs.Me.UsrDat.UsrCod);
+      DB_QueryUPDATE_new ("can not update number of columns in class photo");
     }
  }

@ -7380,17 +7374,15 @@ void Usr_GetMyPrefAboutListWithPhotosFromDB (void)

 static void Usr_UpdateMyPrefAboutListWithPhotosPhotoInDB (void)
  {
-   char Query[256];
-
   if (Gbl.Usrs.Me.Logged && Gbl.CurrentCrs.Crs.CrsCod > 0)
     {
      /***** Update number of colums in class photo for current course *****/
-      sprintf (Query,"UPDATE crs_usr SET ListWithPhotos='%c'"
+      DB_BuildQuery ("UPDATE crs_usr SET ListWithPhotos='%c'"
                     " WHERE CrsCod=%ld AND UsrCod=%ld",
-               Gbl.Usrs.Listing.WithPhotos ? 'Y' :
-        	                             'N',
-               Gbl.CurrentCrs.Crs.CrsCod,Gbl.Usrs.Me.UsrDat.UsrCod);
-      DB_QueryUPDATE (Query,"can not update your preference about photos in listing");
+		     Gbl.Usrs.Listing.WithPhotos ? 'Y' :
+						   'N',
+		     Gbl.CurrentCrs.Crs.CrsCod,Gbl.Usrs.Me.UsrDat.UsrCod);
+      DB_QueryUPDATE_new ("can not update your preference about photos in listing");
     }
  }

--- a/swad_web_service.c
+++ b/swad_web_service.c
@ -2705,7 +2705,6 @@ int swad__sendAttendanceUsers (struct soap *soap,
   unsigned NumCodsInList;
   char SubQuery[256];
   size_t Length = 0;	// Initialized to avoid warning
-   char *Query = NULL;	// Initialized to avoid warning

   /***** Initializations *****/
   Gbl.soap = soap;
@ -2757,12 +2756,12 @@ int swad__sendAttendanceUsers (struct soap *soap,

      /* Start query used to mark not present users as absent */
      Length = 256 + NumCodsInList * (1 + 1 + 10 + 1) - 1;
-      if ((Query = (char *) malloc (Length + 1)) == NULL)
+      if ((Gbl.DB.QueryPtr = (char *) malloc (Length + 1)) == NULL)
 	 return soap_receiver_fault (Gbl.soap,
 	                             "Not enough memory",
 	                             "Not enough memory to store list of users");
-      sprintf (Query,"UPDATE att_usr SET Present='N'"
-		     " WHERE AttCod=%ld",
+      sprintf (Gbl.DB.QueryPtr,"UPDATE att_usr SET Present='N'"
+			       " WHERE AttCod=%ld",
 	       Att.AttCod);
     }

@ -2787,7 +2786,7 @@ int swad__sendAttendanceUsers (struct soap *soap,
 		  sprintf (SubQuery,sendAttendanceUsersOut->numUsers ? ",%ld" :
 								       " AND UsrCod NOT IN (%ld",
 			   UsrDat.UsrCod);
-		  Str_Concat (Query,SubQuery,
+		  Str_Concat (Gbl.DB.QueryPtr,SubQuery,
 		              Length);
 		 }

@ -2799,11 +2798,10 @@ int swad__sendAttendanceUsers (struct soap *soap,
     {
      /* Mark not present users as absent in table of users */
      if (sendAttendanceUsersOut->numUsers)
-         Str_Concat (Query,")",
+         Str_Concat (Gbl.DB.QueryPtr,")",
                     Length);

-      DB_QueryUPDATE (Query,"can not set other users as absent");
-      free ((void *) Query);
+      DB_QueryUPDATE_new ("can not set other users as absent");

      /* Clean table att_usr */
      Att_RemoveUsrsAbsentWithoutCommentsFromAttEvent (Att.AttCod);
@ -3109,7 +3107,6 @@ int swad__markNotificationsAsRead (struct soap *soap,
   unsigned NumNtf;
   unsigned NumNtfsMarkedAsRead = 0;
   long NtfCod;
-   char Query[512];

   /***** Initializations *****/
   Gbl.soap = soap;
@ -3143,11 +3140,11 @@ int swad__markNotificationsAsRead (struct soap *soap,
         if ((NtfCod = Str_ConvertStrCodToLongCod (LongStr)) > 0)
           {
 	    /***** Mark notification as read in the database *****/
-	    sprintf (Query,"UPDATE notif SET Status=(Status | %u)"
+	    DB_BuildQuery ("UPDATE notif SET Status=(Status | %u)"
 			   " WHERE NtfCod=%ld AND ToUsrCod=%ld",
-		     (unsigned) Ntf_STATUS_BIT_READ,
-		     (long) NtfCod,Gbl.Usrs.Me.UsrDat.UsrCod);
-	    DB_QueryUPDATE (Query,"can not mark notification as read");
+			   (unsigned) Ntf_STATUS_BIT_READ,
+			   (long) NtfCod,Gbl.Usrs.Me.UsrDat.UsrCod);
+	    DB_QueryUPDATE_new ("can not mark notification as read");

 	    NumNtfsMarkedAsRead++;
           }
@ -3378,65 +3375,63 @@ static int Svc_SendMessageToUsr (long OriginalMsgCod,
  {
   static bool MsgAlreadyInserted = false;
   static long NewMsgCod;
-   char Query[512 + Cns_MAX_BYTES_SUBJECT + Cns_MAX_BYTES_LONG_TEXT];

   /***** Create message *****/
   if (!MsgAlreadyInserted)      // The message is inserted only once in the table of messages sent
     {
      /***** Insert message subject and body in the database *****/
      /* Build query */
-      sprintf (Query,"INSERT INTO msg_content"
+      DB_BuildQuery ("INSERT INTO msg_content"
 	             " (Subject,Content,ImageName,ImageTitle,ImageURL)"
                     " VALUES"
                     " ('%s','%s','','','')",
                     Subject,Content);
-
      /* Get the code of the inserted item */
-      NewMsgCod = DB_QueryINSERTandReturnCode (Query,"can not create message");
+      NewMsgCod = DB_QueryINSERTandReturnCode_new ("can not create message");

      /***** Insert message in sent messages *****/
-      sprintf (Query,"INSERT INTO msg_snt"
+      DB_BuildQuery ("INSERT INTO msg_snt"
 	             " (MsgCod,CrsCod,UsrCod,Expanded,CreatTime)"
                     " VALUES"
                     " (%ld,-1,%ld,'N',NOW())",
-               NewMsgCod,SenderUsrCod);
-      DB_QueryINSERT (Query,"can not create message");
+		     NewMsgCod,SenderUsrCod);
+      DB_QueryINSERT_new ("can not create message");

      MsgAlreadyInserted = true;
     }

   /***** Insert message received in the database *****/
-   sprintf (Query,"INSERT INTO msg_rcv"
+   DB_BuildQuery ("INSERT INTO msg_rcv"
 	          " (MsgCod,UsrCod,Notified,Open,Replied,Expanded)"
                  " VALUES"
                  " (%ld,%ld,'%c','N','N','N')",
-            NewMsgCod,RecipientUsrCod,
-            NotifyByEmail ? 'Y' :
-        	            'N');
-   DB_QueryINSERT (Query,"can not create received message");
+		  NewMsgCod,RecipientUsrCod,
+		  NotifyByEmail ? 'Y' :
+				  'N');
+   DB_QueryINSERT_new ("can not create received message");

   /***** Create notification for this recipient.
          If this recipient wants to receive notifications by email, activate the sending of a notification *****/
-   sprintf (Query,"INSERT INTO notif"
+   DB_BuildQuery ("INSERT INTO notif"
 	          " (NotifyEvent,ToUsrCod,FromUsrCod,InsCod,DegCod,CrsCod,Cod,TimeNotif,Status)"
                  " VALUES"
                  " (%u,%ld,%ld,-1,-1,-1,%ld,NOW(),%u)",
-            (unsigned) Ntf_EVENT_MESSAGE,
-            RecipientUsrCod,
-            SenderUsrCod,
-            NewMsgCod,
-            (unsigned) (NotifyByEmail ? Ntf_STATUS_BIT_EMAIL :
-        	                        0));
-   DB_QueryINSERT (Query,"can not create new notification event");
+		  (unsigned) Ntf_EVENT_MESSAGE,
+		  RecipientUsrCod,
+		  SenderUsrCod,
+		  NewMsgCod,
+		  (unsigned) (NotifyByEmail ? Ntf_STATUS_BIT_EMAIL :
+					      0));
+   DB_QueryINSERT_new ("can not create new notification event");

   /***** If this recipient is the original sender of a message been replied... *****/
   if (RecipientUsrCod == ReplyUsrCod)
     {
      /***** ...then update received message setting Replied field to true *****/
-      sprintf (Query,"UPDATE msg_rcv SET Replied='Y'"
+      DB_BuildQuery ("UPDATE msg_rcv SET Replied='Y'"
 	             " WHERE MsgCod=%ld AND UsrCod=%ld",
-               OriginalMsgCod,SenderUsrCod);
-      DB_QueryUPDATE (Query,"can not update a received message");
+		     OriginalMsgCod,SenderUsrCod);
+      DB_QueryUPDATE_new ("can not update a received message");
     }

   return SOAP_OK;