Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Statement Parameters are not handled correctly #25

Open
BramGruneir opened this issue Aug 6, 2018 · 9 comments
Open

Statement Parameters are not handled correctly #25

BramGruneir opened this issue Aug 6, 2018 · 9 comments

Comments

@BramGruneir
Copy link

The common ones that I can think of are:

  • ?
  • $0, $1 ...
  • %0, %1 ...

I guess, it's probably best to handle ?, $, % with and without numbers.

e.g.

SELECT * FROM pg_catalog.pg_foreign_table WHERE ftrelid = ?;
@maddyblue
Copy link
Owner

What's the motivation for this? Pg/CRDB don't support ? afaik. sqlfmt has a limited goal of parsing PG SQL.

@BramGruneir
Copy link
Author

Query rewriting when coding and eventually integration within an editor. I get a ton of queries that are destined not to be ingested directly, but instead used in coding. I always want those formatted correctly.

Golang's db package uses ? for example:

updateMoney, err := db.Prepare("UPDATE balance SET money=money+? WHERE id=?")
...
tx, err := db.Begin()
...
res, err := tx.Stmt(updateMoney).Exec(123.45, 98293203)

This is from here:
https://golang.org/pkg/database/sql/#Tx.Stmt

@maddyblue
Copy link
Owner

I guess my point is that currently, sqlfmt's goal is to format PG SQL. ? is not valid in postgres, so sqlfmt also doesn't think it's valid. Supporting all or more forms of SQL changes the goal of sqlfmt. Maybe that's ok but it would bump the complexity up at least a little.

@BramGruneir
Copy link
Author

If I have some spare cycles, I might hack away and send you a PR. This hurts the usefulness of the website when coding.

@maddyblue
Copy link
Owner

Ok. Out of curiosity, how do you expect this to work? We'd have to teach the cockroach parser about ?. Maybe we could change the placeholder datum type to also take a placeholder character so it can parse and print them correctly? @knz thoughts?

@BramGruneir
Copy link
Author

I honestly haven't looked at it all, but yes, that was the idea.

@knz
Copy link
Contributor

knz commented Aug 6, 2018

This is going to break horribly. What you really need to do is to filter the query through the Go text subtitution for question marks (which may live in lib/pq?) and the get the placeholders out of that, then parse that with sqlfmt.

@knz
Copy link
Contributor

knz commented Aug 7, 2018
edited
Loading

So the detail of why it will break:

  • the usage of a ? for placeholders is not part of the pgwire protocol / pg SQL syntax. It is the responsibility of the client driver/framework to perform this substitution.
  • when the developer of a client driver/framework makes a mistake and does not perform this substitution correctly, it is the responsibility of the pg/crdb server to report an error ("syntax '?' not recognized" or similar) to explain to the client programmer that they made a mistake
  • if we were to change crdb to silently accept this syntax for whatever reason, we'd start silently accepting bogus requests by erroneous client drivers. Who knows what hell would ensue (including potentially insecure data being processed by our engine...)

@knz
Copy link
Contributor

knz commented Aug 7, 2018

I also forgot to mention that a standalone ? is a valid SQL operator now (it's a JSON operator).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@maddyblue @knz @BramGruneir