Added a few SQL modes #360
|
Hi, thanks for raising a pull request. If you check out our contribution guidelines you'll see we prefer feature request/suggestions are first discussed on the mailing list or slack team. Note we also reserve the right to close PRs that have failed to follow our contribution guidelines. This PR does not include any information about what it is adding. The one line title is not enough for us to understand what it is doing. Please describe in detail what functionality this adds, what problems it solves etc. Thanks! |
|
Any updates on this PR? |
|
@atsage the edited description is still not really enough, you need to explain what problems it is solving. Also as noted these changes should have been discussed on the mailing list or slack first. Also before any PR can be accepted you MUST sign the CLA. |
also - looks like this would break all existing versions of this node unless defaulted correctly.
if (this.sqltype == "msg.topic"){
storage/sqlite/sqlite.js
| else { | ||
| msg.payload = row; | ||
| node.send(msg); | ||
| if (this.sqltype == "msg.topic"){ |
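Review bot: The mode check in `if (this.sqltype == "msg.topic"){` reads the setting from `this`, while the line just above it sends through `node`. If this code runs inside a callback, `this` may not be the node object and the comparison would never match, so read the setting from `node` as the neighbouring line does. Prefer `===` for the string comparison, and apply a default where the config is read, since a node saved before this option existed has no `sqltype` and would match none of the modes.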
this will break all previous versions of the node unless defaulted correctly.
|
Hey guys, finally came back around to finish this up. I defaulted to msg.topic if nothing is set to keep backward compatibility. Not sure what else to add to the description of what this PR does, the first post in the thread covers everything. It's an enhancement to prevent SQL injection by providing prepared statements. |
Fixes SQL injection.
Added SQL Mode and SQL Statement entry to the config. SQL Mode allows selection of how the SQL statement is provided to the node. msg.topic operates as the node currently operates. Normal uses the SQL statement entered on the config. Prepared uses the statement entered on the config and passes in parameters from msg.params. SQL Statement is an ACE editor for SQL Queries.
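The three SQL modes described above, together with the backward-compatible default raised in the review, sketched as an added example that is not the PR's own code. The stored mode values `"normal"` and `"prepared"`, the `config.sql` field and the helper names `resolveQuery` and `runQuery` are assumptions; `db` is any object exposing the `all(sql, params, callback)` call that the sqlite3 module's `Database` provides.

```javascript
// Added example; only sqltype, msg.topic and msg.params come from the page.
const MODES = ["msg.topic", "normal", "prepared"]; // assumed stored values

// Decide which SQL text and bound parameters a message results in.
function resolveQuery(config, msg) {
  // Nodes saved before the option existed have no sqltype: keep old behaviour.
  const mode = config.sqltype || "msg.topic";
  if (!MODES.includes(mode)) throw new Error("unknown SQL mode: " + mode);

  if (mode === "msg.topic") {
    if (typeof msg.topic !== "string") throw new Error("msg.topic must be a string");
    return { sql: msg.topic, params: [] }; // legacy: the message supplies the SQL
  }
  if (typeof config.sql !== "string" || config.sql.trim() === "") {
    throw new Error("no SQL statement configured");
  }
  if (mode === "normal") return { sql: config.sql, params: [] };

  // prepared: statement text is fixed in the config; the message supplies values only.
  const p = msg.params;
  if (p === null || typeof p !== "object") {
    throw new Error("msg.params must be an array or object");
  }
  for (const v of Object.values(p)) {
    // Restricting to scalars is a choice made for this example.
    const ok = v === null || ["string", "number", "boolean"].includes(typeof v);
    if (!ok) throw new Error("msg.params values must be scalars");
  }
  return { sql: config.sql, params: p };
}

// Run the resolved query; db.all binds params instead of concatenating them.
function runQuery(db, config, msg, send, fail) {
  let q;
  try { q = resolveQuery(config, msg); } catch (e) { return fail(e); }
  db.all(q.sql, q.params, (err, rows) => {
    if (err) return fail(err);
    msg.payload = rows;
    send(msg);
  });
}

// Constructed input: a hostile value stays a bound value, never SQL text,
// and msg.topic is ignored once the node is in prepared mode.
const demoConfig = { sqltype: "prepared", sql: "SELECT * FROM users WHERE name = ?" };
const demoMsg = { topic: "DROP TABLE users", params: ["x' OR '1'='1"] };
const demo = resolveQuery(demoConfig, demoMsg);
```

In `msg.topic` mode the SQL text still comes from the message, so only flows switched to the prepared mode get the injection protection.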