RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-05-20 14:35:07 +00:00
Code Issues Activity Actions

LibSQL: Parse and execute sequential placeholder values

Browse source 
This partially implements SQLite's bind-parameter expression to support
indicating placeholder values in a SQL statement. For example:

    INSERT INTO table VALUES (42, ?);

In the above statement, the '?' identifier is a placeholder. This will
allow clients to compile statements a single time while running those
statements any number of times with different placeholder values.

Further, this will help mitigate SQL injection attacks.
This commit is contained in:
Timothy Flynn 2022-12-01 22:20:55 -05:00 committed by Andreas Kling
parent 53f8d62ea4
commit b2b9ae27fd
10 changed files with 154 additions and 30 deletions
Download patch file Download diff file Expand all files Collapse all files

4
Userland/Libraries/LibSQL/AST/Statement.cpp
View file

@ -11,9 +11,9 @@
namespace SQL::AST {
ResultOr<ResultSet> Statement::execute(AK::NonnullRefPtr<Database> database) const
ResultOr<ResultSet> Statement::execute(AK::NonnullRefPtr<Database> database, Span<Value const> placeholder_values) const
{
ExecutionContext context { move(database), this, nullptr };
ExecutionContext context { move(database), this, placeholder_values, nullptr };
auto result = TRY(execute(context));
// FIXME: When transactional sessions are supported, don't auto-commit modifications.