From aa53ece0cefa7949c617db52093abd8b6fa48b65 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Antonio=20Ca=C3=B1as=20Vargas?= <acanas@ugr.es>
Date: Sun, 4 Nov 2018 21:28:11 +0100
Subject: [PATCH] Version 18.13.3

---
 swad_ID.c          | 63 +++++++++++++++++++++++-----------------------
 swad_attendance.c  |  3 +++
 swad_changelog.h   |  3 ++-
 swad_web_service.c |  3 +++
 4 files changed, 40 insertions(+), 32 deletions(-)

diff --git a/swad_ID.c b/swad_ID.c
index 2e87a30e2..2ba4e65e3 100644
--- a/swad_ID.c
+++ b/swad_ID.c
@@ -175,8 +175,8 @@ unsigned ID_GetListUsrCodsFromUsrID (struct UsrData *UsrDat,
                                      struct ListUsrCods *ListUsrCods,
                                      bool OnlyConfirmedIDs)
   {
-   char *Query = NULL;
-   char SubQuery[256];
+   char *SubQueryAllUsrs = NULL;
+   char SubQueryOneUsr[1 + ID_MAX_BYTES_USR_ID + 1 + 1];
    MYSQL_RES *mysql_res;
    MYSQL_ROW row;
    size_t MaxLength;
@@ -190,53 +190,54 @@ unsigned ID_GetListUsrCodsFromUsrID (struct UsrData *UsrDat,
 	 if (EncryptedPassword[0])
 	    CheckPassword = true;
 
-      /***** Allocate memory for query string *****/
+      /***** Allocate memory for subquery string *****/
       MaxLength = 512 + UsrDat->IDs.Num * (1 + ID_MAX_BYTES_USR_ID + 1) - 1;
-      if ((Query = (char *) malloc (MaxLength + 1)) == NULL)
+      if ((SubQueryAllUsrs = (char *) malloc (MaxLength + 1)) == NULL)
          Lay_NotEnoughMemoryExit ();
+      SubQueryAllUsrs[0] = '\0';
 
       /***** Get user's code(s) from database *****/
-      Str_Copy (Query,CheckPassword ? "SELECT DISTINCT(usr_IDs.UsrCod) FROM usr_IDs,usr_data"
-				      " WHERE usr_IDs.UsrID IN (" :
-				      "SELECT DISTINCT(UsrCod) FROM usr_IDs"
-				      " WHERE UsrID IN (",
-		MaxLength);
       for (NumID = 0;
 	   NumID < UsrDat->IDs.Num;
 	   NumID++)
 	{
 	 if (NumID)
-	    Str_Concat (Query,",",
+	    Str_Concat (SubQueryAllUsrs,",",
 	                MaxLength);
-	 sprintf (SubQuery,"'%s'",UsrDat->IDs.List[NumID].ID);
+	 sprintf (SubQueryOneUsr,"'%s'",UsrDat->IDs.List[NumID].ID);
 
-	 Str_Concat (Query,SubQuery,
+	 Str_Concat (SubQueryAllUsrs,SubQueryOneUsr,
 	             MaxLength);
 	}
-      Str_Concat (Query,")",
-                  MaxLength);
 
       if (CheckPassword)
-	{
-	 if (OnlyConfirmedIDs)
-	    Str_Concat (Query," AND usr_IDs.Confirmed='Y'",
-	                MaxLength);
-
+        {
 	 // Get user's code if I have written the correct password
 	 // or if password in database is empty (new user)
-	 sprintf (SubQuery," AND usr_IDs.UsrCod=usr_data.UsrCod"
-			   " AND (usr_data.Password='%s' OR usr_data.Password='')",
-		  EncryptedPassword);
-	 Str_Concat (Query,SubQuery,
-	             MaxLength);
-	}
-      else if (OnlyConfirmedIDs)
-	 Str_Concat (Query," AND Confirmed='Y'",
-	             MaxLength);
+	 ListUsrCods->NumUsrs =
+	 (unsigned) DB_QuerySELECT (&mysql_res,"can not get user's codes",
+				    "SELECT DISTINCT(usr_IDs.UsrCod) FROM usr_IDs,usr_data"
+				    " WHERE usr_IDs.UsrID IN (%s)"
+				    "%s"
+				    " AND usr_IDs.UsrCod=usr_data.UsrCod"
+				    " AND (usr_data.Password='%s' OR usr_data.Password='')",
+				    SubQueryAllUsrs,
+	                            OnlyConfirmedIDs ? " AND usr_IDs.Confirmed='Y'" :
+	                        	               "",
+				    EncryptedPassword);
+        }
+      else
+	 ListUsrCods->NumUsrs =
+	 (unsigned) DB_QuerySELECT (&mysql_res,"can not get user's codes",
+				    "SELECT DISTINCT(UsrCod) FROM usr_IDs"
+				    " WHERE UsrID IN (%s)"
+				    "%s",
+				    SubQueryAllUsrs,
+				    OnlyConfirmedIDs ? " AND Confirmed='Y'" :
+	                        	               "");
 
-      ListUsrCods->NumUsrs =
-      (unsigned) DB_QuerySELECTusingQueryStr (&Query,&mysql_res,
-					      "can not get user's codes");
+      /***** Free memory for subquery string *****/
+      free ((void *) SubQueryAllUsrs);
 
       if (ListUsrCods->NumUsrs)
         {
diff --git a/swad_attendance.c b/swad_attendance.c
index de53b946a..226e04535 100644
--- a/swad_attendance.c
+++ b/swad_attendance.c
@@ -2487,6 +2487,9 @@ static unsigned Att_GetNumStdsFromAListWhoAreInAttEvent (long AttCod,long LstSel
 				" WHERE AttCod=%ld"
 				" AND UsrCod IN (%s) AND Present='Y'",
 				AttCod,SubQueryAllUsrs);
+
+      /***** Free memory for subquery string *****/
+      free ((void *) SubQueryAllUsrs);
      }
    return NumStdsInAttEvent;
   }
diff --git a/swad_changelog.h b/swad_changelog.h
index 090f5b725..56632e53b 100644
--- a/swad_changelog.h
+++ b/swad_changelog.h
@@ -355,10 +355,11 @@ En OpenSWAD:
 ps2pdf source.ps destination.pdf
 */
 
-#define Log_PLATFORM_VERSION	"SWAD 18.13.2 (2018-11-04)"
+#define Log_PLATFORM_VERSION	"SWAD 18.13.3 (2018-11-04)"
 #define CSS_FILE		"swad18.4.css"
 #define JS_FILE			"swad17.17.1.js"
 /*
+	Version 18.13.3:  Nov 04, 2018  Code refactoring related to databse queries. (236562 lines)
 	Version 18.13.2:  Nov 04, 2018  Code refactoring related to databse queries. (236555 lines)
 	Version 18.13.1:  Nov 04, 2018  New database funtion to get number of rows in a table. (236572 lines)
 	Version 18.13:    Nov 03, 2018  Joining building and performing query into one function. (236563 lines)
diff --git a/swad_web_service.c b/swad_web_service.c
index e846e74cb..a42ef84a9 100644
--- a/swad_web_service.c
+++ b/swad_web_service.c
@@ -2845,6 +2845,9 @@ int swad__sendAttendanceUsers (struct soap *soap,
 		     " WHERE AttCod=%ld%s",
 		     Att.AttCod,SubQueryAllUsrs);
 
+      /* Free memory for subquery string */
+      free ((void *) SubQueryAllUsrs);
+
       /* Clean table att_usr */
       Att_RemoveUsrsAbsentWithoutCommentsFromAttEvent (Att.AttCod);
      }