-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Feature request] Add chunk API to QueryBuilder #3615
Comments
This seems like something that can incubate as its own crate. I think it's gonna take some significant iteration to land on an API that's flexible enough for most uses without being too arcane. |
I've given it a quick try and it's not trivial:
Basically an external crate would need to create its own QueryBuilder type from scratch. By itself that's not infeasible, QueryBuilder isn't used from sqlx anyway, but that's an awkward approach. |
Gave it a try, and even copying the QueryBuilder code has problems, because Query and QueryAs have no public constructors. This means you need to build a temporary QueryBuilder to create a Query; you can't do it in |
After spending a few hours on this, my takeaway is that it's feasible, but not without maintainer support for changes to sqlx internals. The biggest break from sqlx's current design philosophy is that, while sqlx encourages a "push everything into one buffer" approach, the API I'm recommending in this issue is closer to "create intermediary buffers, push to them, then push the intermediary buffer to the main buffer". It's the difference between using The second approach is more expressive, but leads to more memcpys and more intermediary allocations. This is something sqlx tries really hard to avoid right now (as can be seen in the implementations of the Building a query is almost always going to be infinitely faster than executing the query. I don't think skipping a few mallocs is worth the extra complexity of the current design. In any case, I'm available if someone from the project wants to discuss this further. Otherwise, without maintainer interest, I think this feature is dead in the water. |
I was recently looking at a Rust app building some SQL queries, and trying to rewrite it to avoid injection vulnerabilities.
The unsafe version has code like this:
The safe version becomes:
I have several problems with the safe version:
{} = '{}'
, your brain has to stitch that string together from multiple lines of code.push_unseparated
. I missed that footgun the first time I wrote that function.My proposed solution:
push_fragment()
method to both QueryBuilder and Separated that takes a QueryBuilder.query_fragment
macro which returns a QueryBuilder.With those two features, the code above becomes:
I believe that version is much more readable and less footgun-y.
Is this something that would fit sqlx's API? I would be willing to write the PR if there's interest.
The text was updated successfully, but these errors were encountered: