ObjPgSQL  Check-in [30633656b0]

Overview
Comment:Remove -[PGConnection insertRow:]

It can be used in a way that leads to security issues, so it's better
not to have it at all.

SHA3-256: 30633656b050a8f3f41989bed97bb200a0a583bd47e69fd36f2ae450c4bad606
User & Date: js 2024-08-11 17:22:05
Context
2024-08-11
17:45
Add documentation check-in: e4c8de38e0 user: js tags: trunk
17:22
Remove -[PGConnection insertRow:] check-in: 30633656b0 user: js tags: trunk
09:22
Change license to unmodified ISC check-in: 31c5599df5 user: js tags: trunk
Changes

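--- a/src/PGConnection.h
+++ b/src/PGConnection.h
@@ -37,13 +37,10 @@
 
 - (void)connect;
 - (void)reset;
 - (void)close;
 - (nullable PGResult *)executeCommand: (OFConstantString *)command;
 - (nullable PGResult *)executeCommand: (OFConstantString *)command
 			   parameters: (id)firstParameter, ... OF_SENTINEL;
-- (void)insertRow: (PGRow)row intoTable: (OFString *)table;
-- (void)insertRows: (OFArray OF_GENERIC(PGRow) *)rows
-	 intoTable: (OFString *)table;
 @end
 
 OF_ASSUME_NONNULL_END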

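--- a/src/PGConnection.m
+++ b/src/PGConnection.m
@@ -160,77 +160,8 @@
 	default:
 		PQclear(result);
 		@throw [PGCommandFailedException
 		    exceptionWithConnection: self
 				    command: command];
 	}
 }
-
-- (void)insertRow: (PGRow)row intoTable: (OFString *)table
-{
-	void *pool = objc_autoreleasePoolPush();
-	OFMutableString *command;
-	OFEnumerator *enumerator;
-	const char **values;
-	PGresult *result;
-	OFString *key, *value;
-	size_t i, count;
-
-	command = [OFMutableString stringWithString: @"INSERT INTO "];
-	[command appendString: table];
-	[command appendString: @" ("];
-
-	count = row.count;
-
-	i = 0;
-	enumerator = [row keyEnumerator];
-	while ((key = [enumerator nextObject]) != nil) {
-		if (i > 0)
-			[command appendString: @", "];
-
-		[command appendString: key];
-
-		i++;
-	}
-
-	[command appendString: @") VALUES ("];
-
-	values = OFAllocMemory(count, sizeof(*values));
-	@try {
-		i = 0;
-		enumerator = [row objectEnumerator];
-		while ((value = [enumerator nextObject]) != nil) {
-			if (i > 0)
-				[command appendString: @", "];
-
-			values[i] = value.UTF8String;
-
-			[command appendFormat: @"$%zd", ++i];
-		}
-
-		[command appendString: @")"];
-
-		result = PQexecParams(_connection, command.UTF8String,
-		    (int)count, NULL, values, NULL, NULL, 0);
-	} @finally {
-		OFFreeMemory(values);
-	}
-
-	objc_autoreleasePoolPop(pool);
-
-	if (PQresultStatus(result) != PGRES_COMMAND_OK) {
-		PQclear(result);
-		@throw [PGCommandFailedException
-		    exceptionWithConnection: self
-				    command: command];
-	}
-
-	PQclear(result);
-}
-
-- (void)insertRows: (OFArray OF_GENERIC(PGRow) *)rows
-	 intoTable: (OFString *)table
-{
-	for (OFDictionary *row in rows)
-		[self insertRow: row intoTable: table];
-}
 @end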

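--- a/tests/Tests.m
+++ b/tests/Tests.m
@@ -55,17 +55,14 @@
 			 parameters: [OFNumber numberWithInt: 1], @"foo",
 				     @"Hallo Welt!", nil];
 	[_connection executeCommand: @"INSERT INTO test (id, content, success) "
 				     @"VALUES ($1, $2, $3)"
 			 parameters: [OFNumber numberWithInt: 2],
 				     [OFNumber numberWithInt: 2],
 				     [OFNumber numberWithBool: true], nil];
-	[_connection insertRow: [OFDictionary dictionaryWithKeysAndObjects:
-				    @"content", @"Hallo!", @"name", @"foo", nil]
-		     intoTable: @"test"];
 
 	result = [_connection executeCommand: @"SELECT * FROM test"];
 	OFLog(@"%@", result);
 	OFLog(@"JSON: %@", [result JSONRepresentation]);
 
 	for (id row in result)
 		for (id col in row)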