www-sql-0.5.7: 17-November-1998
- Fixed a small inconsistency between the new and old scanners, so
that the new one recognises . It was missing before.
- fixed a few memory leaks.
- Fixed the HTML escaping for new lines -> "
", when the browser
sends "\r\n" strings. This was pointed out by Malte.
- Fixed a bug in the print_loop code when you have a result with
zero rows in it (it would be picked up as an error, rather than
skipping down past the corresponding . This bug was
found by Malte, but I made a few changes to make sure it really
picks up real errors (which is what the original code was supposed
to do).
www-sql-0.5.3: 21-July-1998
- Made it so that the buffer used to perform variable expansions is
dynamically expanded as needed. This will prevent many of the
buffer overrun errors found when printing BLOBs.
- Added an optional third parameter to the qselect command. You can
now give a default value for the list box.
- Added an implementation of the include command for use with the
new scanner. This means that the new scanner should have all the
functionality of the old one.
- Added a while command. It is only available when using the new
scanner (this is because it uses features that weren't available
in the previous scanner). It acts as you would expect. Open
command with and close with .
There is also a and commands to help
with the looping control.
- Added a print_loop command, which is like the print_rows command,
but you can put any commands between and
a command. This should be useful as an alternative to
recursive mode.
- Removed old expression parser from main distribution. Along with
this, also removed --with-old-expr and --with-sysvregex arguments
for configure. No one should have problems with this, since they
have had more than six months to tell me about any bugs in the newer
code.
- Added inline keyword to parts of the new scanner. It adds a small
amount to the binary, but it may increase the speed of the scanner
a little. (I have used autoconf's macros to check which inline
keyword to use, and if it exists at all, so this is portable). Also
fixed some bugs in the expression tokenising in this new scanner
(I was comparing characters against 0 rather than '0').
www-sql-0.5.2: 24-June-1998
- Fixed error in manual about cookies. Leaving out an expiry date
prevents a cookie from being saved between browser sessions.
- Added -lcrypt to link flags for www-pgsql.
- Changed code for --enable-apache-action-check, so when it is used
without an apache server, it has no effect. This way it can be
safely used for a binary distribution.
- Started work on a new input scanner. Currently, it can't do
anything more than the current one, but once it is complete, it
will allow me to add a while loop, and proper macro expansion of
command output. So if you want these features, please test this
scanner for me. It is enabled with the --with-new-scanner switch.
Also, this scanner handles quotes better (eg ab"cd\""d"b" is a
valid string, and "\\" recognises the second quote -- before it
was being escaped by the second slash).
www-sql-0.5.1: 15-May-1998
- Added an include statement. This include statement works inline,
and doesn't require the recursive extension. (The initial idea for
this feature was from Alexey I Onin,
but the final implementation is based on code submitted by
Malte John). Unless --enable-unsafe is passed
to configure when building www-sql, you can only include files
in the same directory as the script.
- Added some new functions submitted by Malte John.
They are exec (only enabled if compiled with --enable-unsafe)
- Added cookie support (code submitted by Lars Bensmann).
Cookies sent by the browser are converted
to www-sql variables (like form variables). Cookies can be set by
making your script output code like:
(All on one line). You can leave out the expires part if you want.
- Added a function ftime. It is basically an strftime wrapper. The
first argument is a format string. The function uses the current
time to create the string. If you give a second argument, it is
used as an offset from the current time. (eg will print the time, for one hour in the future). This
function should be useful for setting the expire time on a cookie.
- Fixed bug where if you had a variable named 'a' and one named 'abc',
www-sql would give different expansions of "$abc" depending on the
order that the variables were defined. Now it picks the longest
variable name. If you relied on the old behavior, you will have
to change your script. This change is based on a patch submitted by
Eduardo Trapani (his patch only fixed the
problem for mysql query handles -- I made the changes for pgsql and
general variables).
- Fixed configure script so that the --with-pgsql-libs argument
produced the correct linker option. (It was producing a -I,
instead of a -L)
- Added some better error checking for the connect and database
commands in the mysql version.
- Got rid of all direct references to members of the MYSQL structure.
The code now uses the accessor functions and macros.
- Got rid of some constructs that did not cause errors in gcc, but
gave trouble with Solaris's compiler (and other ones with less
extensions to ANSI/ISO C).
- Fixed bug in URL encoding for characters with codes greater than 127.
- Added check for alloca, so that compiling regex.c works on non-gcc
compilers.
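
The longest-name rule from the "$abc" fix above, combined with the growable expansion buffer described under 0.5.3, as an added example. This is not www-sql's own code: struct var, longest_match, append and expand_vars are hypothetical names, and the variable table layout is an assumption.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical variable table; www-sql's own structures are not shown on the page. */
struct var { const char *name, *value; };

/* Longest variable name that prefixes s, so table order cannot change the result. */
static const struct var *longest_match(const struct var *vars, size_t n, const char *s)
{
    const struct var *best = NULL;
    for (size_t i = 0; i < n; i++) {
        size_t len = strlen(vars[i].name);
        if (len && strncmp(s, vars[i].name, len) == 0 &&
            (!best || len > strlen(best->name)))
            best = &vars[i];
    }
    return best;
}

/* Append len bytes, doubling the heap buffer when the output would not fit. */
static int append(char **buf, size_t *used, size_t *cap, const char *src, size_t len)
{
    if (*used + len + 1 > *cap) {
        size_t ncap = *cap ? *cap : 16;
        while (ncap < *used + len + 1) ncap *= 2;
        char *nbuf = realloc(*buf, ncap);
        if (!nbuf) return -1;
        *buf = nbuf; *cap = ncap;
    }
    memcpy(*buf + *used, src, len);
    *used += len;
    (*buf)[*used] = '\0';
    return 0;
}

/* Expand $name references; caller frees the result, NULL on allocation failure. */
char *expand_vars(const char *tmpl, const struct var *vars, size_t n)
{
    char *out = NULL; size_t used = 0, cap = 0;
    if (append(&out, &used, &cap, "", 0) < 0) return NULL;
    while (*tmpl) {
        const struct var *v = *tmpl == '$' ? longest_match(vars, n, tmpl + 1) : NULL;
        if (append(&out, &used, &cap, v ? v->value : tmpl, v ? strlen(v->value) : 1) < 0) { free(out); return NULL; }
        tmpl += v ? 1 + strlen(v->name) : 1;
    }
    return out;
}
```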
www-sql-0.5.0: 23-Feb-1998
- Added PostgreSQL support. Now you can give configure the argument
--with-database=dbname, where dbname is either mysql or pgsql.
You can also pass configure the arguments --with-pgsql-headers
and --with-pgsql-libs, which act like the mysql equivalents.
To build both binaries, run "make www-mysql www-pgsql".
(Maybe I should do an mSQL version of www-sql).
- Updated the documentation to give some idea of how to set up
www-sql under PostgreSQL.
- Made the QUERY_STRING environment variable available to www-sql
programs.
- In the connect function, the host, username and password values are
checked for variable expansion now.
- Fixed the security hole described by Christophe Leroy on the bugtraq
mailing list. This hole allowed the bypassing of security on a web
server, allowing the reading of password protected files.
If you are using apache, and altered the configuration files as
described in the documentation (to allow *.sql files to be handled by
www-sql), then by passing the argument --enable-apache-action-check
to configure, you can seal this leak. I recommend that most people
use this switch.
www-sql-0.4.4: 6-Feb-1998
- This is just a small patch for people having trouble with the regex
support in the expression parser. Even if www-sql was using the
platform's regex library, it was using the GNU regex header file
included in this distribution. This could cause problems related to
the field layout for the pattern structure, causing core dumps.
It is probably not necessary to get this version if you are using
GNU regex already (or haven't used the regex features of www-sql).
- Updated the documentation with additional examples that demonstrate
inserting and deleting data from tables. (Maybe less people will
mail me about how to do this).
www-sql-0.4.3: 27-Jan-1998
- Fixed yet another bug in the new expression parser. Before, it
was recognising brackets as strings, rather than their correct
interpretation. This is now fixed. (I hope this is the last big
bug in the new expression parser -- if you find any more, PLEASE
tell me).
- Fixed bug where fields of a query that were null would sometimes
print unexpected characters. In this situation, it now just doesn't
print anything. (I think this bug snuck in with the previous
release.)
- Split the file func.c into three files -- func.c now only handles
functions not specific to the database, cmds.c contains substVars
and executeSql, and mysql.c contains all the MySQL specific code.
It should now be possible to replace this file in the linking stage
to get www-sql to work with a different database system
(eg. PostgreSQL, mSQL).
- Now when you make an SQL query, the variable INSERT_ID gets set to
the last auto increment insert id. This should be useful for
authentication or user tracking.
www-sql-0.4.2: 22-Jan-1998
- Fixed some more bugs in the new expression parser. The first bug
involved expressions such as `number = string' where number evaluates
to a number and string is a string. These would always return true
when they should return false (strings are basically anything that
can't be converted to a number).
The second bug was in the parser, and meant that you couldn't use the
exclamation mark to mean `not'.
- Updated the example file example.sql -- it now URL escapes variables
before inserting them into URLs. I have also fixed some bugs that
were introduced into the script by recent enhancements to www-sql.
- Simplified some of the code in the function substVars in func.c.
These changes may increase the speed of some operations, and make
$var a synonym for @var, and $qh.field a synonym for @qh.field.
- I have had some reports from some people that compilation fails when
the code tries to use the macro IS_NUM. There is now code to define
this if it hasn't been defined by the mysql headers.
- Added convert function for compatibility with W3-mSQL v1.x. This
procedure isn't really needed, since you can use the "?varname"
syntax.
- Changed the sql escaping so that it doesn't escape SQL wildcards '%'
and '_'. If you don't want to have wildcard matches, you should use
the '=' operator rather than the 'like' operator in your SQL
statements. If you don't like this change, please tell me.
www-sql-0.4.1: 27-Dec-1997
- Realised that I had forgotten to put string comparison functionality
into the new expression parser (oops). This is now fixed. I
recommend everyone using version 0.4.0 upgrade to this version.
- Added fixes for some of the problems in the new expression parser.
It would previously choke on commands such as `$var = "-"', since it was
interpreting the - as a minus sign instead of as a string.
This version allows all symbols like the `-' to be considered as
strings as well. It also contains string comparison code as well
(eg `a < b'). It also checks numbers better (eg `1a' is not
the same as 1).
- Fixed typo in README file (the word Password was repeated). Thanks
to whoever told Hamish (the Debian package maintainer).
- Included the file www-sql.spec, which can be used to help make an
rpm for www-sql.
www-sql-0.4.0: 15-Dec-1997
- Wrote a new expression parser. It is used by default, but if you
need a feature of the old parser, it is available by adding the
argument --with-old-expr to configure. If you do have trouble with
this new expression parser, please mail me so that I can fix the
problem.
The main new feature of this parser is that it handles floating
point numbers, making www-sql more useful for shopping cart type
applications.
- Added two new string escape schemes. These will work on both
variables and query handle fields. By prepending the variable with
a '?', you will escape the string using MySQL's rules. This is
useful in statements, since it protects your scripts
from some user input. As an example, the following command would
give an error if the variable's value was ':
But by using ?a instead of $a, the statement will work.
The other escape scheme is `HTML escaping'. This is just converting
&, <, > and " to their respective entities. This is most useful in
and commands.
- Added two new options to configure: "./configure
--with-mysql-headers=" is the same as "MYSQL_INCDIR=-I
./configure", and "./configure --with-mysql-libs=" is the same
as "MYSQL_LIBDIR=-L ./configure".
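
The two escape schemes from this release, as an added example that is not www-sql's own code. sql_escape and html_escape are hypothetical names; the SQL character set is the one MySQL's mysql_escape_string() escapes, which is an assumption about what "MySQL's rules" means here, and '%' and '_' are left alone as the 0.4.2 entry describes.

```c
#include <stdlib.h>
#include <string.h>

/* Replacement for one input byte under the SQL scheme, or NULL to copy it as-is.
   Character set of MySQL's mysql_escape_string(); '%' and '_' are left alone,
   matching the 0.4.2 entry. NUL is omitted because inputs here are C strings. */
static const char *sql_rep(unsigned char c)
{
    switch (c) {
    case '\n': return "\\n";
    case '\r': return "\\r";
    case '\\': return "\\\\";
    case '\'': return "\\'";
    case '"':  return "\\\"";
    case 0x1a: return "\\Z";
    default:   return NULL;
    }
}

/* Replacement under the HTML scheme: the four characters the changelog names. */
static const char *html_rep(unsigned char c)
{
    switch (c) {
    case '&': return "&amp;";
    case '<': return "&lt;";
    case '>': return "&gt;";
    case '"': return "&quot;";
    default:  return NULL;
    }
}

/* Apply a replacement function to every byte; caller frees the result. */
static char *escape_with(const char *in, const char *(*rep)(unsigned char))
{
    /* Longest replacement is 6 bytes ("&quot;"), so 6x + 1 always fits. */
    char *out = malloc(strlen(in) * 6 + 1), *p = out;
    if (!out) return NULL;
    for (; *in; in++) {
        const char *r = rep((unsigned char)*in);
        if (r) { strcpy(p, r); p += strlen(r); }
        else *p++ = *in;
    }
    *p = '\0';
    return out;
}

char *sql_escape(const char *in)  { return escape_with(in, sql_rep); }
char *html_escape(const char *in) { return escape_with(in, html_rep); }
```

Because the HTML scheme covers only &, <, > and ", a value escaped this way is safe inside element text or a double-quoted attribute, not a single-quoted or unquoted one.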
www-sql-0.3.4: 04-Nov-1997
- Added more CGI variables to www-sql's environment. You can now
access the values of GATEWAY_INTERFACE, HOSTTYPE, HTTP_HOST,
HTTP_REFERER, HTTP_USER_AGENT, OSTYPE, PATH_INFO, PATH_TRANSLATED,
REMOTE_USER, SERVER_ADMIN, SERVER_NAME, SERVER_PORT, SERVER_PROTOCOL
and SERVER_SOFTWARE. If a variable is not set when www-sql is run,
it won't be available to the www-sql script. Also added the builtin
variable WWW_SQL_VERSION, which is a string holding the version
number of www-sql.
- Didn't forget to update the documentation this time.
- Increased the readability of the dumpvars command.
- Added a setexpr command. Allows you to assign the value of an
expression to a variable. The syntax is .
- Altered all the commands so that they output to the file handle
yyout instead of stdout. This is mainly to make the recursive
support easier. If you have written any extra commands, you should
change occurrences of printf(...) to fprintf(yyout, ...)
- Added recursive extensions to www-sql. Adapted from code submitted
by Simon Cocking. Basically, www-sql will expand
www-sql tags like normal, but will pass the resulting page back into
www-sql, to expand more tags. This process continues until there are
no more www-sql tags. To enable this option, add the argument
--enable-recursive to configure.
- Added an elsif (else if) command to www-sql. From code by David
J. N. Begley.
- Added detection of cgi-bin directory at /usr/local/roxen/cgi-bin and
/usr/local/apache/cgi-bin (Apache's new default).
www-sql-0.3.3: 09-Oct-1997
- Added some automatic detection of Solaris libraries (either
'-lxnet' or '-lsocket -lnsl')
- Added url encoding of normal variables as well as query handles
(from code submitted by Karsten Blees)
- You can now reference query fields as @query.fieldname (ie. by name
rather than by number). From code by Karsten Blees.
- Added detection of cgi-bin directory at /usr/local/web/cgi-bin
www-sql-0.3.2: 26-Sep-1997
- Added the argument --with-sysvregex to configure to get www-sql to
use the SYSV style regex libraries instead of POSIX style libraries.
Note that the actual libraries are not included, and I haven't tested
this code (it was submitted by Todd Koeckeritz)
- Added the ability to url encode a query result field by using a
hash (#) instead of an ampersand (@) to reference it. (based on
code submitted by Todd Koeckeritz)
- Fixed up checking of return values from getenv. (It should be more
helpful in narrowing down weird errors).
- Removed the file error.c, and adjusted xmalloc.c so it didn't need
it. This should reduce the problems with compilation on FreeBSD.
- Now compiles with both Berkeley's pmake and GNU make.
www-sql-0.3.1: 19-Sep-1997
- Included the GNU regex library in the lib directory. Maybe this
will fix the FreeBSD problems.
- Added to create a drop down listbox for forms.
- Added error messages for when commands fail. This should make
debugging scripts a lot easier for simple problems.
- Apparently someone got this program working on Irix, so I can now
definitely say www-sql is portable.
www-sql-0.3.0: 01-Sep-1997
- Fixed up configure script so it finds alternate mysql lib locations
properly, and caches the value. Same for mysql headers.
- Cleaned up CGI parameter code. Also fixed the setting of variables
REMOTE_HOST and REMOTE_ADDR (It didn't work before).
- Fixed so that it will work for queries that don't return
result bodies, like insert and update. With these queries, no query
handle is created.
- Added -- it dumps the names and values of all www-sql
variables. This can be used for debugging scripts.
- Added the commands Qtable and Qlongform, which make printing of the
results of a query easier. They were contributed by Martin Maisey.
- Added builtin variable AFFECTED_ROWS, which gives the number of rows
affected by a query. (-1 for SELECT queries).
www-sql-0.2.2: 19-Aug-1997
- Fixed up some more bugs in the documentation (swapped the words
action and addhandler in the apache setup section)
- removed the static lib kludge, and fixed the problem. (Thanks go to
Leroy Cristophe for pointing out the problem).
- altered the configure script so that it would link with libm and
libmysqlclient during the tests. This should stop the configure
script failing on some machines.
- Added two extra builtin variables -- REMOTE_HOST and REMOTE_ADDR,
which have the same values as they do in a CGI script.
www-sql-0.2.1: 28-Jul-1997
- fixed up some of the documentation
- made configure look in more places for mysql libraries.
- added --enable-static-lib-kludge to configure as a hack on
systems where www-sql doesn't link properly. I will have
to find the real reason, and fix it properly.
- altered the makefile to reflect other changes.
www-sql-0.2:
- first public release.