semicolons are invalid characters #3

Closed
AdamFerguson opened this issue Apr 16, 2015 · 2 comments

@AdamFerguson

Cool idea for a library! Seems like the parser breaks if the sql statement contains ; characters currently. I'm working on a use case right now where I'm trying to send lots of transactions as one statement to execute like this:

BEGIN;
UPDATE .... ;
COMMIT;
BEGIN;
UPDATE .... ;
COMMIT;

Would be nice if it could parse this without throwing an error. Is there a reason semi-colons are considered not kosher?

@twada
Owner

twada commented Apr 17, 2015

@AdamFerguson First, thank you for using twowaysql! And thank you for your suggestion.

Hmm... in general terms, accepting semicolons and running multiple statements in a single SQL string is not a good idea for security reasons (it increases SQL injection risk), and it is turned off by many DB drivers by default.

So even if twowaysql accepts multiple statements, the database driver will not allow you to execute the statements unless you turn on flags like MULTI_STATEMENTS explicitly.

My opinion is to split the file into statements and let ORMs handle transactions.

content = File.read('multiple_statements.sql') # read the whole file and close it
content.split(/;\s*\n/).each do |statement| # one chunk per ";" at end of line
  DB.transaction do # BEGIN
    DB["UPDATE .... "]
  end # COMMIT
end
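The splitting approach suggested above, as an added example that is not part of the original comment and not twowaysql code: a regex split on `;` plus newline also cuts at semicolons inside string literals and comments, so this sketch tracks quote and comment state and only splits on real terminators. The names `split_sql`, `transaction_groups` and `SAMPLE` are hypothetical, and standard SQL quoting is assumed.

```ruby
# Added example, not twowaysql code. Assumes standard SQL quoting ('' escapes a
# quote); backslash escapes and PostgreSQL dollar-quoting are not handled.
def split_sql(sql)
  statements = [String.new]
  state = :normal # or :single, :double, :line_comment, :block_comment
  i = 0
  while i < sql.length
    ch, two, step = sql[i], sql[i, 2], 1
    case state
    when :normal
      if ch == ";" then statements << String.new # real terminator: new statement
      elsif two == "--" then state, step = :line_comment, 2
      elsif two == "/*" then state, step = :block_comment, 2
      else
        state = :single if ch == "'"
        state = :double if ch == '"'
        statements.last << ch
      end
    when :single, :double
      # '' inside a string closes and immediately reopens it, which is harmless
      state = :normal if ch == (state == :single ? "'" : '"')
      statements.last << ch
    when :line_comment, :block_comment
      done = state == :line_comment ? ch == "\n" : two == "*/"
      step = 2 if done && state == :block_comment
      state = :normal if done
      statements.last << " " if done # a comment separates tokens like whitespace
    end
    i += step
  end
  statements.map(&:strip).reject(&:empty?)
end

# Drops literal BEGIN/COMMIT and returns one array of statements per
# transaction, so the caller's DB layer opens and commits each one itself.
def transaction_groups(statements)
  marker = /\A(BEGIN|COMMIT)\z/i
  statements.slice_when { |a, b| a.match?(/\ACOMMIT\z/i) || b.match?(/\ABEGIN\z/i) }
            .map { |group| group.grep_v(marker) }.reject(&:empty?)
end

# Constructed sample; a naive split(/;\s*\n/) would cut inside the first string.
SAMPLE = <<~SQL
  BEGIN;
  UPDATE notes SET body = 'one;
  two' WHERE id = 1; -- trailing; comment
  COMMIT;
  BEGIN; UPDATE notes SET body = 'it''s' WHERE id = 2; COMMIT;
SQL
```

Each inner array returned by `transaction_groups(split_sql(SAMPLE))` holds the statements of one transaction, to be sent one at a time inside a `DB.transaction` block as in the snippet above, with the driver's multi-statement flag left off.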

@AdamFerguson
Author

Great, thanks for the info on the security concerns with running multiple statements @twada and thanks again for the library.
