Disallow ?i non-linear substitutions

paurkedal / ocaml-caqti

Cooperative-threaded access to relational data

https://paurkedal.github.io/ocaml-caqti/index.html

GNU Lesser General Public License v3.0

299 stars 36 forks source link

Disallow ?i non-linear substitutions #79

Closed reynir closed 2 years ago

reynir commented 2 years ago

In the discussion for PR #77 @paurkedal brought up that caqti offers a choice between ? and $n. In practice, it was possible to use ?n with the sqlite3 driver as long as the number of substitutions corresponds to the number of arguments. The following query would work:

SELECT * FROM house WHERE color = ?2 AND city = ?1

while the following would fail:

SELECT * FROM house WHERE color = ?2 AND (?1 IS NULL OR city = ?1)

paurkedal commented 2 years ago

The issue is obscured by the fact that the error occurs in the reconstruction of the query string. The string ?1 is supposed to mean a parameter followed by a literal 1. However, that would require drivers to insert a space in some cases when reconstructing the string. The issue will also occur in case of PostgreSQL, but in this case one would typically get a two-digit parameter which will be out of range, so at least a runtime error. So, I think solution may be best one, even though the issue is not really in the parser.

I may also change the sqlite driver to non-linear parameters, since they are more optimal and I can see it is not a recent addition.