Support custom SQL query execution #104

Closed
kdhrubo opened this issue Jan 8, 2024 · 8 comments

kdhrubo commented Jan 8, 2024

POST request:
/query --> QueryController
Input payload - use named parameter JDBC template.
Named parameters are easy to debug.

{
    "sql" : "SELECT FIRST_NAME,LAST_NAME FROM EMPLOYEE WHERE ID = :id",
    "params" : {
        "id" : 1
    },
    "single" : true
}

The parameter single is optional - it indicates if the query returns 1 result when set to true. Otherwise, by default it returns a list.

kdhrubo added the enhancement label Jan 8, 2024
kdhrubo added this to the Jan2024 milestone Jan 8, 2024

thadguidry commented Jan 9, 2024

Ensure backtick ` and ' single quote work just fine within the SQL statement there (as well as any other special characters SQL eats without problem). Which component actually does the validation parsing here for what's between the double-quotes? And when does that component actually do the checking, what's the sequence actually look like?

@kdhrubo
Copy link
Collaborator Author

kdhrubo commented Jan 9, 2024

@thadguidry - can you please share some examples

Mandatory attributes can be checked in the controller.


thadguidry commented Jan 9, 2024

And over the years, as UTF-8 needed to be supported fully...many things changed and were deprecated. For example, in MySQL:

Use of the dollar sign as the first character in the unquoted name of a database, table, view, column, stored program, or alias is deprecated, including such names used with qualifiers (see Section 9.2.2, “Identifier Qualifiers”). An unquoted identifier beginning with a dollar sign cannot contain any additional dollar sign characters. Otherwise, the leading dollar sign is permitted but triggers a deprecation warning.

As a best practice, I'd require having to single quote objects. Tables, etc.

@thadguidry

There's a Java library that does validation stuff and I think Tony used it for the Database extension in OpenRefine, if I recall. Need me to find it?

souravroy added the work in progress label Jan 12, 2024
kdhrubo removed the work in progress label Jan 14, 2024

kdhrubo commented Jan 14, 2024

Let the database perform these validations, DB2Rest in this case just acts as facilitator.

@souravroy

@kdhrubo Could you please review the following PR?
#156


kdhrubo commented Jan 17, 2024

@souravroy closing this ticket.

kdhrubo closed this as completed Jan 17, 2024
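
The payload and the quoting question discussed in this thread, as an added example that is not part of the issue or of DB2Rest's code: Python's `sqlite3` stands in for the named parameter JDBC template because it accepts the same `:id` placeholder syntax. `demo_db`, `run_query`, the sample rows and the error raised when `single` does not match exactly one row are assumptions made for the illustration.

```python
import sqlite3

def demo_db():
    """In-memory table with constructed sample rows (not data from the thread)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE EMPLOYEE (ID INTEGER PRIMARY KEY, "
                 "FIRST_NAME TEXT, LAST_NAME TEXT)")
    conn.executemany("INSERT INTO EMPLOYEE VALUES (?, ?, ?)",
                     [(1, "Ada", "O'Brien"), (2, "Li", "Back`tick")])
    return conn

def run_query(conn, payload):
    """Execute a payload shaped like the one proposed for POST /query."""
    # Mandatory attributes are checked before the database is touched.
    sql = payload.get("sql")
    if not isinstance(sql, str) or not sql.strip():
        raise ValueError("'sql' is required")
    params = payload.get("params") or {}
    if not isinstance(params, dict):
        raise ValueError("'params' must be an object of name/value pairs")
    # Values are bound by name and never spliced into the SQL text, so quotes
    # and backticks inside a value stay data. The SQL text itself is validated
    # only by the database, which raises sqlite3.Error on bad syntax.
    cur = conn.execute(sql, params)
    cols = [d[0] for d in cur.description or []]
    rows = [dict(zip(cols, r)) for r in cur.fetchall()]
    if payload.get("single"):
        # Assumption: anything other than exactly one row is reported as an error.
        if len(rows) != 1:
            raise LookupError(f"'single' set but query returned {len(rows)} rows")
        return rows[0]
    return rows

if __name__ == "__main__":
    db = demo_db()
    by_name = "SELECT ID FROM EMPLOYEE WHERE LAST_NAME = :ln"
    print(run_query(db, {"sql": "SELECT FIRST_NAME,LAST_NAME FROM EMPLOYEE WHERE ID = :id",
                         "params": {"id": 1}, "single": True}))
    print(run_query(db, {"sql": by_name, "params": {"ln": "Back`tick"}}))
    # A value that looks like SQL matches nothing, because it is compared as text.
    print(run_query(db, {"sql": by_name, "params": {"ln": "x' OR '1'='1"}}))
    try:
        run_query(db, {"sql": "SELEC * FROM EMPLOYEE"})
    except sqlite3.Error as exc:
        print("rejected by the database:", exc)
```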