In the SqliteStore, in places where we search for multiple entities (such as get_block_headers()), we format the SQL query to use IN () statements. We should likely enable the rarray extension and use that. This way we avoid formatting the query which can lead to SQL injections.
Additionally, we should implement a way to retrieve multiple InputNoteRecords in one query only. This should be used from the data store in order to get all inputs as once.
How should it be done?
We should enable the extension and implement the queries like in this example.
When is this task done?
When we don't format the SQL statements and use rarray instead.
mFragaBA
commented
2 months ago
What should be done?
In the
SqliteStore, in places where we search for multiple entities (such asget_block_headers()), we format the SQL query to useIN ()statements. We should likely enable therarrayextension and use that. This way we avoid formatting the query which can lead to SQL injections.Additionally, we should implement a way to retrieve multiple
InputNoteRecordsin one query only. This should be used from the data store in order to get all inputs as once.How should it be done?
We should enable the extension and implement the queries like in this example.
When is this task done?
When we don't format the SQL statements and use
rarrayinstead.Additional context
No response