*: introduce new API ParseWithParams (#22499) #22548
/run-all-tests
@xhebox you're already a collaborator in bot's repo.
LGTM
LGTM
LGTM
/merge
Sorry @bb7133, this branch's release version is in progress, please contact zhouqiang-cl,shuke987,jebter,you06 for more details.
@AilinKid: Please use If you have approved this PR, please ignore this reply. This reply is being used as a temporary reply during the migration of the new bot and will be removed on April 1. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the ti-community-infra/tichi repository.
LGTM
/run-all-tests
Is this branch merge-able now?
Signed-off-by: ti-srebot <ti-srebot@pingcap.com>
Signed-off-by: xhe <xw897002528@gmail.com>
a99dbc9 to 449f3e5
It depends on whether the 4.0 branch is still frozen
Signed-off-by: xhe <xw897002528@gmail.com>
/merge
@morgo: It seems you want to merge this PR, I will help you trigger all the tests: /run-all-tests You only need to trigger If you have any questions about the PR merge process, please refer to pr process. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the ti-community-infra/tichi repository.
This pull request has been accepted and is ready to merge. Commit hash: f248dbd
@ti-srebot: Your PR was out of date, I have automatically updated it for you. At the same time I will also trigger all tests for you: /run-all-tests Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the ti-community-infra/tichi repository.
cherry-pick #22499 to release-4.0
You can switch your code base to this Pull Request by using git-extras:
```shell
# In tidb repo:
git pr https://github.com/pingcap/tidb/pull/22548
```
After applying modifications, you can push your change to this PR via:
What problem does this PR solve?
Problem Summary: This PR adds a new API `ParseWithParams` to help process unsafe arguments rather than just `fmt.Sprintf`. Also a helper API `ExecuteInternal` that is using `ParseWithParams` and `ExecuteStmt`.

I did not use `PrepareStmt` since it is not possible to use placeholder like `select * from t where c in ?`. But we do have such requirement.

`ExecuteInternal` is redefined to use `ParseWithParams` and always use utf8 charset for safety. But it is still needed to modify cases like `ExecuteInternal(fmt.Sprintf(...))`.

`ExecRestrictedSQL` is too large, thus it is both annoying and duplicated to write a new `RestrictedSQLExecutor` based on `ParseWithParams`. From the git history, this is a very legacy API that is 4 or 5 years old. It should be removed/refactored in further works. So the current plan is, write like `ExecRestrictedSQL(session.EscapeSQL(sql, args...))`. And it will go to the modified `ExecuteInternal` eventually to use utf8 charset to prevent attacks based on charsets.

Check List
Tests
Release note
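An added example (not TiDB's code and not this PR's implementation) of the contrast the description draws between building SQL with `fmt.Sprintf` and escaping each argument, including a list-valued argument for `in`. The `%?` marker and the names `escapeSQL`, `render` and `quote` are assumptions of this example, and the backslash escaping assumes a utf8 charset and the default SQL mode.

```go
package main

import (
	"fmt"
	"strings"
)

// quote renders s as a SQL string literal; only sound when the text is parsed as utf8.
func quote(s string) string {
	return "'" + strings.NewReplacer(`\`, `\\`, `'`, `\'`).Replace(s) + "'"
}

func render(arg interface{}) (string, error) {
	switch v := arg.(type) {
	case string:
		return quote(v), nil
	case []string: // expands to a comma list so it can sit inside IN (...)
		parts := make([]string, len(v))
		for i, s := range v {
			parts[i] = quote(s)
		}
		if len(v) > 0 {
			return strings.Join(parts, ","), nil
		}
	}
	return "", fmt.Errorf("unsupported or empty argument %T", arg)
}

// escapeSQL (hypothetical) replaces each "%?" in sql with one escaped argument.
func escapeSQL(sql string, args ...interface{}) (string, error) {
	pieces := strings.Split(sql, "%?")
	if len(pieces)-1 != len(args) {
		return "", fmt.Errorf("want %d args, got %d", len(pieces)-1, len(args))
	}
	out := pieces[0]
	for i, a := range args {
		s, err := render(a)
		if err != nil {
			return "", err
		}
		out += s + pieces[i+1]
	}
	return out, nil
}

func main() {
	evil := "x' or '1'='1"                               // constructed hostile value
	fmt.Printf("select * from t where c = '%s'\n", evil) // Sprintf-style: quote breaks out
	fmt.Println(escapeSQL("select * from t where c in (%?)", []string{"a", evil}))
}
```

The template is split before any argument is rendered, so a `%?` inside an argument value is never treated as a placeholder.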