Skip to content

Commit

Permalink
corrected doc indentation
Browse files Browse the repository at this point in the history
  • Loading branch information
melissam committed Aug 9, 2012
1 parent b66020b commit efb2fa1
Showing 1 changed file with 46 additions and 16 deletions.
62 changes: 46 additions & 16 deletions contribs/lib/SQLite3/sqlite3.tex
View file
Expand Up @@ -11,14 +11,23 @@
\begin{document}
\section{Introduction}
\label{Introduction}
This document provides overview of how the library for SQLite works. The code base is written on top of the SQLite3 C/C++ Interface. This library supports some features of the low-level library, implemented in a higher level basis.
The library allows making use of data types as queries. The aim of this library is to avoid SQL injections which are the most common security issues. To avoid this we have defined a datatype which describes qqueries. The queries are written using these data types and parsed as quoted string while replacing values with indexed question mark to be binded with the statement.
This document provides overview of how the library for SQLite works. The code base is written on top of the SQLite3 C/C++ Interface.
This library supports some features of the low-level library, implemented in a higher level basis.
The library allows making use of data types as queries. The aim of this library is to avoid
SQL injections which are the most common security issues.
To avoid this we have defined a datatype which describes qqueries.
The queries are written using these data types and parsed as quoted string
while replacing values with indexed question mark to be binded with the statement.
\section{Using the library}
\label{Using the library}
Simple examples have been provided in the testunit.idr file.
To open a database, use the open\_db function which takes the filename as a string. This function implements the sqlite3\_open function . This function returns a pointer to the database which can be used by other function to access the database object.
Whether or not an error occurs when it is opened, resources should be released by passing it to close\_db when it is no longer required.
A query can then be builts using the supported data types . The library supports limited number of queries at the moment. The supported sql commands are :
To open a database, use the open\_db function which takes the filename as a string.
This function implements the sqlite3\_open function .
This function returns a pointer to the database which can be used by other function to access the database object.
Whether or not an error occurs when it is opened,
resources should be released by passing it to close\_db when it is no longer required.
A query can then be builts using the supported data types .
The library supports limited number of queries at the moment. The supported sql commands are :
\newline
\newline
\textbf{SELECT,}
Expand All @@ -29,16 +38,19 @@ \section{Using the library}
\subsection{Creating Queries}
\label{Creating Queries}

To create a query, use the evalSQL function which takes an empty list and the SQL query. The routine evaluates the expression in a divide and conquer manner (or recursive?)
To create a query, use the evalSQL function which takes an empty list and the SQL query.
The routine evaluates the expression in a divide and conquer manner (or recursive?)
filling up the list with the received values. For instance the following is a valid query:

let sql = evalSQL [ ] ((SELECT ALL)(TBL ["tbl1"]) (MkCond (MkNULL (VCol "data"))))
\newline
\newline{This will be parsed as :}
\\“SELECT * FROM tbl1 WHERE data IS NULL “

The evaluator returns a string and a list of indexed values. The string part of the query could be parsed to prepare.
evalSQL parses the query as a string replacing values with ? and an index starting from one, storing them in the list given to it as an argument.
The evaluator returns a string and a list of indexed values.
The string part of the query could be parsed to prepare.
evalSQL parses the query as a string replacing values with ? and an index starting from one,
storing them in the list given to it as an argument.
For example:


Expand All @@ -51,9 +63,14 @@ \subsection{Creating Queries}
and returns the list as follows:
\newline{(Just (1, VStr "data0")) ,(Just (2, VInt 1)) , (Just (3, VInt 2))}

The values in the list are binded to the statement using bindMulti function. This function takes the statement pointer returned by prepare and the list returned by evalSQL, and binds the values by calling the appropriate functions.
The values in the list are binded to the statement using bindMulti function.
This function takes the statement pointer returned by prepare and the list returned by evalSQL,
and binds the values by calling the appropriate functions.

The function exec\_db\_v2 executes the statement. Note that the other version of exec\_db implements the sqlite3\_exec() interface which is a wrapper around sqlite3\_prepare\_v2(), sqlite3\_step(), and sqlite3\_finalize(), without having to use a lot of code, though the use of this function is not recommended in this case.
The function exec\_db\_v2 executes the statement.
Note that the other version of exec\_db implements the sqlite3\_exec() interface which is a wrapper
around sqlite3\_prepare\_v2(), sqlite3\_step(), and sqlite3\_finalize(),
without having to use a lot of code, though the use of this function is not recommended in this case.

The functions finalize\_db and close\_db must be called to clean up the open resources.
To print the result, the function toList\_v1 can be used which takes a DBPointer.
Expand All @@ -75,16 +92,27 @@ \section{Evaluating Queries}
\label{Evaluating Queries}
\subsection{SQL Data Type}
\label{SQL Data Type}
The SQL Data Types describe the queries that are supported by the library. Data type Value consists of Int, String and Float. The data type can be extended to further support queries. The evaulator function makes use of smaller function to evaulate parts of the query. For instance given a SELECT qeury, it calls evalSQL to obtain the list of tables, and clauseString to evaluate the rest of the expression which could include a WHERE clause or could be Empty.
The SQL Data Types describe the queries that are supported by the library.
Data type Value consists of Int, String and Float.
The data type can be extended to further support queries.
The evaulator function makes use of smaller function to evaulate parts of the query.
For instance given a SELECT qeury, it calls evalSQL to obtain the list of tables,
and clauseString to evaluate the rest of the expression which could include a WHERE clause or could be Empty.
\subsection{evalSQL Function}
\label{evalSQL Function}
This is a recursive evaluator which makes a call to itself. An SQL could consist of a SELECT ALL or Columns followed by another SQL which could be a nested query or just the name of the table(s). It then call the appropriate functions to evaluate the query. It returns the well-quoted String expression and a list of indexed values which are passed to the bind function.
This is a recursive evaluator which makes a call to itself.
An SQL could consist of a SELECT ALL or Columns followed by another SQL
which could be a nested query or just the name of the table(s).
It then call the appropriate functions to evaluate the query.
It returns the well-quoted String expression and a list of indexed values which are passed to the bind function.
\section{Pointers passed to Idris functions}
\label{Pointers passed to Idris functions}

The library uses FFI. In order to make the pointers passed to functions more explicit, we have defined them as data types. For instance open\_db takes a String and returns a DBPointer and prepare\_db
The library uses FFI. In order to make the pointers passed to functions more explicit,
we have defined them as data types. For instance open\_db takes a String and returns a DBPointer and prepare\_db
takes a DBPointer and returns a StmtPtr(Statemenet Pointer).
Error handling is done using the \emph {DB a} data type which is either \emph {IO String} which indicates an error or \emph{ IO a}.
Error handling is done using the \emph {DB a} data type which
is either \emph {IO String} which indicates an error or \emph{ IO a}.
To test the functions in main, you need to use runDB which takes a \emph{ DB a} and returns IO a.
\begin{center}
\centering runDB : DB a $\rightarrow$ IO a
Expand All @@ -94,8 +122,10 @@ \section{Pointers passed to Idris functions}
\section{Using the C Functions}
\label{Using the C Functions}

For example calling get\_table after prepare\_db could lead to segmentation fault since get\_table calls sqlite3\_prepare etc
Functions such as exec\_db and get\_table are wrapper functions and calling these before finalizing a prepared query could cause segmentation fault.
For example calling get\_table after prepare\_db could lead to
segmentation fault since get\_table calls sqlite3\_prepare etc
Functions such as exec\_db and get\_table are wrapper functions
and calling these before finalizing a prepared query could cause segmentation fault.
Perhaps these functions could be removed from the library if no longer required in the future.

\end{document}

0 comments on commit efb2fa1

Please sign in to comment.