/ Check-in [e4579e50]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Comment changes clarifying details of the pointer-type parameter. No changes to code.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | branch-3.20
Files: files | file ages | folders
SHA3-256:e4579e50a1ece4f65dfdae39d5c1670f0e3f7d4824e7d242f07ec9859d15155f
User & Date: drh 2017-07-17 12:41:29
Context
2017-07-17
15:38
Improved the interface to the fts5() extension mechanism for enhanced security. check-in: bc78235f user: drh tags: branch-3.20
13:37
Merge the pointer-type enhancement from the 3.20 branch. check-in: 9e8e1c4a user: drh tags: trunk
12:41
Comment changes clarifying details of the pointer-type parameter. No changes to code. check-in: e4579e50 user: drh tags: branch-3.20
12:27
Add the pointer-type parameter to sqlite3_bind_pointer(), sqlite3_result_pointer(), and sqlite3_value_pointer(). The pointer type is a static string that must match (according to strcmp()) or else the pointer is passed as a NULL. This is a security measure to prevent crossing pointers between different extensions. check-in: e1196567 user: drh tags: branch-3.20
Changes
Hide Diffs Unified Diffs Ignore Whitespace Patch

Changes to ext/misc/remember.c.

21
22
23
24
25
26
27



28
29
30
31
32
33
34
**    UPDATE counterTab SET cnt=remember(cnt,$PTR)+1 WHERE id=$ID
**
** Prepare the above statement once.  Then to use it, bind the address
** of the output variable to $PTR using sqlite3_bind_pointer() with a
** pointer type of "carray" and bind the id of the counter to $ID and
** run the prepared statement.
**



** One can imagine doing similar things with floating-point values and
** strings, but this demonstration extension will stick to using just
** integers.
*/
#include "sqlite3ext.h"
SQLITE_EXTENSION_INIT1
#include <assert.h>







>
>
>







21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
**    UPDATE counterTab SET cnt=remember(cnt,$PTR)+1 WHERE id=$ID
**
** Prepare the above statement once.  Then to use it, bind the address
** of the output variable to $PTR using sqlite3_bind_pointer() with a
** pointer type of "carray" and bind the id of the counter to $ID and
** run the prepared statement.
**
** This implementation of the remember() function uses a "carray"
** pointer so that it can share pointers with the carray() extension.
**
** One can imagine doing similar things with floating-point values and
** strings, but this demonstration extension will stick to using just
** integers.
*/
#include "sqlite3ext.h"
SQLITE_EXTENSION_INIT1
#include <assert.h>

Changes to src/sqlite.h.in.

3886
3887
3888
3889
3890
3891
3892
3893
3894
3895
3896
3897
3898
3899
3900
....
5097
5098
5099
5100
5101
5102
5103

5104
5105
5106
5107
5108
5109
5110
** ^The sqlite3_bind_pointer(S,I,P,T) routine causes the I-th parameter in
** [prepared statement] S to have an SQL value of NULL, but to also be
** associated with the pointer P of type T.
** ^The sqlite3_bind_pointer() routine can be used to pass
** host-language pointers into [application-defined SQL functions].
** ^A parameter that is initialized using [sqlite3_bind_pointer()] appears
** to be an ordinary SQL NULL value to everything other than
** [sqlite3_value_pointer()].
**
** ^If any of the sqlite3_bind_*() routines are called with a NULL pointer
** for the [prepared statement] or with a prepared statement for which
** [sqlite3_step()] has been called more recently than [sqlite3_reset()],
** then the call will return [SQLITE_MISUSE].  If any sqlite3_bind_()
** routine is passed a [prepared statement] that has been finalized, the
** result is undefined and probably harmful.
................................................................................
** kind of [sqlite3_value] object can be used with this interface.
**
** ^The sqlite3_result_pointer(C,P,T) interface sets the result to an
** SQL NULL value, just like [sqlite3_result_null(C)], except that it
** also associates the host-language pointer P or type T with that 
** NULL value such that the pointer can be retrieved within an
** [application-defined SQL function] using [sqlite3_value_pointer()].

** This mechanism can be used to pass non-SQL values between
** application-defined functions.
**
** If these routines are called from within the different thread
** than the one containing the application-defined function that received
** the [sqlite3_context] pointer, the results are undefined.
*/







|







 







>







3886
3887
3888
3889
3890
3891
3892
3893
3894
3895
3896
3897
3898
3899
3900
....
5097
5098
5099
5100
5101
5102
5103
5104
5105
5106
5107
5108
5109
5110
5111
** ^The sqlite3_bind_pointer(S,I,P,T) routine causes the I-th parameter in
** [prepared statement] S to have an SQL value of NULL, but to also be
** associated with the pointer P of type T.
** ^The sqlite3_bind_pointer() routine can be used to pass
** host-language pointers into [application-defined SQL functions].
** ^A parameter that is initialized using [sqlite3_bind_pointer()] appears
** to be an ordinary SQL NULL value to everything other than
** [sqlite3_value_pointer()].  The T parameter should be a static string.
**
** ^If any of the sqlite3_bind_*() routines are called with a NULL pointer
** for the [prepared statement] or with a prepared statement for which
** [sqlite3_step()] has been called more recently than [sqlite3_reset()],
** then the call will return [SQLITE_MISUSE].  If any sqlite3_bind_()
** routine is passed a [prepared statement] that has been finalized, the
** result is undefined and probably harmful.
................................................................................
** kind of [sqlite3_value] object can be used with this interface.
**
** ^The sqlite3_result_pointer(C,P,T) interface sets the result to an
** SQL NULL value, just like [sqlite3_result_null(C)], except that it
** also associates the host-language pointer P or type T with that 
** NULL value such that the pointer can be retrieved within an
** [application-defined SQL function] using [sqlite3_value_pointer()].
** The T parameter should be a static string.
** This mechanism can be used to pass non-SQL values between
** application-defined functions.
**
** If these routines are called from within the different thread
** than the one containing the application-defined function that received
** the [sqlite3_context] pointer, the results are undefined.
*/