fergalmoran/ladybird
1
0
Fork 0
mirror of https://github.com/fergalmoran/ladybird.git synced 2025-12-22 09:19:03 +00:00
Code Issues Packages Projects Releases Wiki Activity

LibSQL: Parse and execute sequential placeholder values

Browse Source 
This partially implements SQLite's bind-parameter expression to support
indicating placeholder values in a SQL statement. For example:

    INSERT INTO table VALUES (42, ?);

In the above statement, the '?' identifier is a placeholder. This will
allow clients to compile statements a single time while running those
statements any number of times with different placeholder values.

Further, this will help mitigate SQL injection attacks.
This commit is contained in:
Timothy Flynn
2022-12-01 22:20:55 -05:00
committed by Andreas Kling
parent 53f8d62ea4
commit b2b9ae27fd
10 changed files with 154 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
Tests/LibSQL/TestSqlExpressionParser.cpp
View File

@@ -131,6 +131,19 @@ TEST_CASE(null_literal)
validate("NULL"sv);
}
TEST_CASE(bind_parameter)
{
auto validate = [](StringView sql) {
auto result = parse(sql);
EXPECT(!result.is_error());
auto expression = result.release_value();
EXPECT(is<SQL::AST::Placeholder>(*expression));
};
validate("?"sv);
}
TEST_CASE(column_name)
{
EXPECT(parse(".column_name"sv).is_error());