const std::string ExecQueryPage::GeneratePage(const std::string &method, const std::map<std::string,std::string> &queryvars)\r
{\r
std::string content="";\r
+ std::string query="";\r
\r
if(queryvars.find("formaction")!=queryvars.end() && (*queryvars.find("formaction")).second=="execute" && queryvars.find("query")!=queryvars.end() && (*queryvars.find("query")).second!="")\r
{\r
- SQLite3DB::Recordset rs=m_db->Query((*queryvars.find("query")).second);\r
+ query=(*queryvars.find("query")).second;\r
+ SQLite3DB::Recordset rs=m_db->Query(query);\r
\r
content+="<table>";\r
+ if(rs.Count()>0)\r
+ {\r
+ content+="<tr>";\r
+ for(int i=0; i<rs.Cols(); i++)\r
+ {\r
+ content+="<th>";\r
+ if(rs.GetColumnName(i))\r
+ {\r
+ content+=rs.GetColumnName(i);\r
+ }\r
+ content+="</th>";\r
+ }\r
+ content+="<tr>";\r
+ }\r
while(!rs.AtEnd())\r
{\r
content+="<tr>";\r
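Review bot: The new header row appends `rs.GetColumnName(i)` to the page unescaped, although this same commit escapes the echoed query with `SanitizeOutput`. Column names are determined by the submitted SQL, so they should get the same treatment: `content+=SanitizeOutput(rs.GetColumnName(i));` (assuming SanitizeOutput accepts what GetColumnName returns). The header row is also closed with `content+="<tr>";` where `content+="</tr>";` is meant, which leaves the table markup unbalanced. The while loop that writes the data cells continues outside this hunk, so whether those values are escaped cannot be checked from here.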
content+="<h2>Execute Query</h2>";\r
content+="<form name=\"frmquery\" method=\"POST\">";\r
content+="<input type=\"hidden\" name=\"formaction\" value=\"execute\">";\r
- content+="<textarea name=\"query\" rows=\"10\" cols=\"80\"></textarea>";\r
+ content+="<textarea name=\"query\" rows=\"10\" cols=\"80\">"+SanitizeOutput(query)+"</textarea>";\r
content+="<input type=\"submit\" value=\"Execute Query\">";\r
content+="</form>";\r
\r
- return "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"+StringFunctions::Replace(m_template,"[CONTENT]",content);\r
+ return StringFunctions::Replace(m_template,"[CONTENT]",content);\r
}\r
\r
const bool ExecQueryPage::WillHandleURI(const std::string &uri)\r
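Review bot: The form in this hunk carries only the hidden `formaction` field, and the execute condition at the top of GeneratePage tests `queryvars` but never `method`, so as far as the visible code shows, any request supplying `formaction=execute` and a `query` value has that SQL run against `m_db`. Consider requiring the POST method in that condition and adding a hidden per-session token that is verified before `m_db->Query(query)` is called. If authentication or origin checks are done by the caller, a comment above the condition saying so would help. Separately, the return no longer emits the status line and `Content-Type` header, so the caller presumably supplies them now; that code is outside this hunk.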