mirrors/Nim
1
0
Fork 0
mirror of https://github.com/nim-lang/Nim.git synced 2026-04-18 21:40:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

add check to dbFormat() to verify parameter substitution has "?" identifier

Browse Source 
add check to prepare() that parameter substitution has "$1" identifier
This commit is contained in:
JamesP
2015-09-17 09:42:40 +10:00
committed by Dominik Picheta
parent 86e2d6ee90
commit 4e19106221
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
lib/impure/db_postgres.nim
View File

@@ -64,6 +64,8 @@ proc dbQuote*(s: string): string =
proc dbFormat(formatstr: SqlQuery, args: varargs[string]): string =
result = ""
var a = 0
if args.len > 0 and not string(formatstr).contains("?"):
dbError("""parameter substitution expects "?" """)
for c in items(string(formatstr)):
if c == '?':
if args[a] == nil:
@@ -125,6 +127,8 @@ proc setupQuery(db: DbConn, stmtName: SqlPrepared,
proc prepare*(db: DbConn; stmtName: string, query: SqlQuery;
nParams: int): SqlPrepared =
if nParams > 0 and not string(query).contains("$1"):
dbError("""parameter substitution expects "$1" """)
var res = pqprepare(db, stmtName, query.string, int32(nParams), nil)
if pqResultStatus(res) != PGRES_COMMAND_OK: dbError(db)
return SqlPrepared(stmtName)