Closed vinurs closed 6 years ago
Running (conman/bind-connection db "sql/queries.sql") will rebind the new connection to the queries. However, if you've compiled a jar, the queries.sql will be loaded relative to the resource path of the jar, not externally.
@vinurs asked this same question of HugSQL, where you are able to use a java.io.File outside of the resource path. Since conman wraps HugSQL's map-of-db-fns, I initially assumed you could do the same for the specified file. Upon further inspection, though, it looks like conman is expecting a string file path.
Ah, makes sense, I'll update to allow taking a File as well.
@yogthos thanks very much. In HugSQL there seems to be an option that can prevent SQL injection, but conman doesn't seem to support it. Could you update it?
Sure, what option are you referring to specifically?
@yogthos this is the option:
By default, identifiers are not quoted. You can specify your desired quoting as an option when defining your functions or as an option when calling your function.
If you are taking identifiers from user input, you should use the :quoting option to properly quote and escape identifiers to prevent SQL injection!
Valid :quoting options are:
:ansi double-quotes: "identifier"
:mysql backticks: `identifier`
:mssql square brackets: [identifier]
:off no quoting (default)
Identifiers containing a period/dot . are split, quoted separately, and then rejoined. This supports myschema.mytable conventions.
(hugsql.core/def-db-fns "path/to/good.sql" {:quoting :ansi})
I think that should already work, you can pass an options map as the first argument to bind-connection, e.g.: (bind-connection conn {:quoting :ansi} "path/to/queries.sql").
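The identifier-quoting rules quoted above, sketched as an added example that is not part of the thread and is not HugSQL's or conman's code. The escaping rule (doubling the closing delimiter), the names quote-rules, quote-part and quote-identifier, and the sample inputs are assumptions made for illustration.

```clojure
(ns example.identifier-quoting
  (:require [clojure.string :as str]))

;; Illustration only: not HugSQL's implementation. The escape rule (double the
;; closing delimiter) is an assumption; the quoted docs only say identifiers
;; are "quoted and escaped".
(def quote-rules
  {:ansi  {:open "\"" :close "\""}
   :mysql {:open "`"  :close "`"}
   :mssql {:open "["  :close "]"}})

(defn quote-part
  "Wrap one identifier segment, doubling any embedded closing delimiter so the
  value cannot terminate the quoted identifier early."
  [{:keys [open close]} part]
  (str open (str/replace part close (str close close)) close))

(defn quote-identifier
  "Quote identifier per style. :off returns it untouched (the default the docs
  warn about). Dotted names are split, quoted per segment, and rejoined."
  [style identifier]
  (if (= style :off)
    identifier
    (if-let [rule (quote-rules style)]
      (str/join "." (map #(quote-part rule %) (str/split identifier #"\.")))
      (throw (ex-info "Unknown :quoting style" {:style style})))))

;; Constructed inputs: a normal schema-qualified table name and a value that
;; tries to break out of the identifier position.
(def samples ["myschema.mytable" "fruit\" where 1=1 --"])

;; Print the statement text each style would produce for each sample.
(doseq [style [:off :ansi :mysql :mssql]
        ident samples]
  (println style "->" (str "select * from " (quote-identifier style ident))))
```

With :off the second sample changes the structure of the statement; with any of the quoting styles it stays a single identifier that simply names no existing table.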
@vinurs I pushed out a new version 0.8.0 that supports loading queries from a file object. Unfortunately, this won't work with the bind-connection macro, so now there's a bind-connection-map function that returns the map of generated queries and snippets. There are also a couple of helpers to make it easier to work with the map called snip and query. Usage looks as follows:
;; bind-connection-map is a function, so it accepts a File object
;; and returns the map of generated queries and snippets
(def queries
  (bind-connection-map conn {:quoting :ansi} (java.io.File. "test/queries.sql")))

(query queries
       :add-fruit!
       {:name "apple"
        :appearance "red"
        :cost 1
        :grade 1})

(query queries
       :get-fruit-by
       {:by-appearance
        (snip queries :by-appearance {:appearance "red"})})
Let me know if this looks good to you.
@yogthos thanks very much, I'll try it.
Looks like things are working on my end, so I'm going to close this. If anything comes up we can revisit.
In my project, we can use (conman/bind-connection db "sql/queries.sql") to bind a SQL file to a connection. But when I compile the project to a jar package, run it, connect to the server via nREPL, and modify the SQL, how can I rebind the SQL file to the connection?