std::string content="";\r
std::string query="";\r
\r
- if(queryvars.find("formaction")!=queryvars.end() && (*queryvars.find("formaction")).second=="execute" && queryvars.find("query")!=queryvars.end() && (*queryvars.find("query")).second!="")\r
+ if(queryvars.find("formaction")!=queryvars.end() && (*queryvars.find("formaction")).second=="execute" && queryvars.find("query")!=queryvars.end() && (*queryvars.find("query")).second!="" && ValidateFormPassword(queryvars))\r
{\r
query=(*queryvars.find("query")).second;\r
SQLite3DB::Recordset rs=m_db->Query(query);\r
}\r
content+="<tr>";\r
}\r
+ else if(m_db->GetLastResult()!=SQLITE_OK)\r
+ {\r
+ std::string error="";\r
+ m_db->GetLastError(error);\r
+ content+="<tr><td>"+error+"</td></tr>";\r
+ }\r
while(!rs.AtEnd())\r
{\r
content+="<tr>";\r
content+="<td>";\r
if(rs.GetField(i))\r
{\r
- content+=rs.GetField(i);\r
+ content+=SanitizeOutput(std::string(rs.GetField(i)));\r
}\r
content+="</td>";\r
}\r
\r
content+="<h2>Execute Query</h2>";\r
content+="<form name=\"frmquery\" method=\"POST\">";\r
+ content+=CreateFormPassword();\r
content+="<input type=\"hidden\" name=\"formaction\" value=\"execute\">";\r
content+="<textarea name=\"query\" rows=\"10\" cols=\"80\">"+StringFunctions::Replace(query,"<","<")+"</textarea>";\r
content+="<input type=\"submit\" value=\"Execute Query\">";\r
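Review bot: The error string built on the new line `content+="<tr><td>"+error+"</td></tr>";` is written into the page unsanitized, while the field values a few lines later are passed through SanitizeOutput. SQLite error messages typically quote the offending token of the statement (for example `near "...": syntax error`), so part of the user-supplied query can reach the HTML through this path; the line should read `content+="<tr><td>"+SanitizeOutput(error)+"</td></tr>";`. Separately, the textarea line `StringFunctions::Replace(query,"<","<")` replaces "<" with itself as printed; if the source actually contains `&lt;` and the page rendering decoded the entity this is fine, otherwise the substitution is a no-op and a `</textarea>` inside the echoed query would end the element. The enclosing function starts and ends outside this excerpt, so the branch the new `else if` pairs with is not visible here.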