Merge pull request #216 from c42f/cjf/sqlstrings

Integration with SQLStrings.jl

Author: iamed2

Project.toml

@@ -1,7 +1,7 @@
 name = "LibPQ"
 uuid = "194296ae-ab2e-5f79-8cd4-7183a0a5a0d1"
 license = "MIT"
-version = "1.11.0"
+version = "1.12.0"
 
 [deps]
 CEnum = "fa961155-64e5-5f13-b03f-caf6b980ea82"
@@ -17,6 +17,7 @@ LibPQ_jll = "08be9ffa-1c94-5ee5-a977-46a84ec9b350"
 Libdl = "8f399da3-3557-5675-b5ff-fb832c97cbdb"
 Memento = "f28f55f0-a522-5efc-85c2-fe41dfb9b2d9"
 OffsetArrays = "6fe1bfb0-de20-5000-8ca7-80f57d26f881"
+SQLStrings = "af517c2e-c243-48fa-aab8-efac3db270f5"
 Tables = "bd369af6-aec1-5ad0-b16a-f7cc5008161c"
 TimeZones = "f269a46b-ccf7-5d73-abea-4c690281aa53"
 
@@ -32,6 +33,7 @@ LayerDicts = "1"
 LibPQ_jll = "14"
 Memento = "0.10, 0.11, 0.12, 0.13, 1"
 OffsetArrays = "0.9.1, 0.10, 0.11, 1"
+SQLStrings = "0.1"
 Tables = "0.2, 1"
 TimeZones = "0.9.2, 0.10, 0.11, 1"
 julia = "1.6"

src/LibPQ.jl

@@ -26,6 +26,7 @@ using IterTools: imap
 using LayerDicts
 using Memento: Memento, getlogger, warn, info, error, debug
 using OffsetArrays
+using SQLStrings
 using TimeZones
 
 const Parameter = Union{String,Missing}

src/asyncresults.jl

@@ -236,6 +236,11 @@ function _multi_async_execute(jl_conn::Connection, query::AbstractString; kwargs
     return async_result
 end
 
+function async_execute(jl_conn::Connection, query::SQLStrings.Sql; kwargs...)
+    query_str, parameters = SQLStrings.prepare(query)
+    return async_execute(jl_conn, query_str, parameters; kwargs...)
+end
+
 function async_execute(
     jl_conn::Connection,
     query::AbstractString,

src/results.jl

@@ -299,6 +299,11 @@ function _multi_execute(
     return handle_result(Result(result, jl_conn; kwargs...); throw_error=throw_error)
 end
 
+function execute(jl_conn::Connection, query::SQLStrings.Sql; kwargs...)
+    query_str, parameters = SQLStrings.prepare(query)
+    return execute(jl_conn, query_str, parameters; kwargs...)
+end
+
 function execute(
     jl_conn::Connection,
     query::AbstractString,

test/runtests.jl

@@ -10,6 +10,7 @@ using IterTools: imap
 using Memento
 using Memento.TestUtils
 using OffsetArrays
+using SQLStrings
 using TimeZones
 using Tables
 
@@ -1520,6 +1521,40 @@ end
             close(conn)
         end
 
+        @testset "SQLString" begin
+            conn = LibPQ.Connection("dbname=postgres user=$DATABASE_USER")
+
+            execute(conn, sql```
+               CREATE TEMPORARY TABLE libpq_test_users (
+                   id integer primary key,
+                   name text
+               )```)
+            # The canonical SQL injection https://xkcd.com/327/
+            for (id,name) in [(1,"Foo"), (2, "Robert'); DROP TABLE libpq_test_users; --")]
+                execute(conn, sql```
+                        INSERT INTO libpq_test_users
+                        VALUES ( $id, $name )
+                        ```)
+            end
+            result = execute(conn, sql`SELECT * from libpq_test_users where id = 2`)
+            @test first(result).name == "Robert'); DROP TABLE libpq_test_users; --"
+
+            # Splatting example
+            user = (3,"Bar")
+            execute(conn, sql```
+                    INSERT INTO libpq_test_users
+                    VALUES ( $(user...) )
+                    ```)
+            bar_id = 3
+            result = execute(conn, sql`SELECT * from libpq_test_users where id = $bar_id`)
+            @test first(result).name == "Bar"
+
+            # Async with SqlStrings
+            ar = async_execute(conn, sql`SELECT * from libpq_test_users where id = 1`)
+            result = fetch(ar)
+            @test first(result).name == "Foo"
+        end
+
         @testset "Query Errors" begin
             @testset "Syntax Errors" begin
                 conn = LibPQ.Connection("dbname=postgres user=$DATABASE_USER"; throw_error=true)