Página Principal Explorar Ajuda
Iniciar Sessão
kennyh
/
emqx4.3
1
0
Fork 0
Ficheiros Problemas 0 Pull Requests 0 Wiki
Árvore: 2c61b2bfbb
Ramos Etiquetas
emqx4.3
/
apps
/
emqx_utils
/
src
/
emqx_utils_sql.erl

emqx_utils_sql.erl 6.1 KB
Histórico Em bruto

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163 
  1. %%--------------------------------------------------------------------
    2. 

  2. %% Copyright (c) 2022-2023 EMQ Technologies Co., Ltd. All Rights Reserved.
    3. 

  3. %%
    4. 

  4. %% Licensed under the Apache License, Version 2.0 (the "License");
    5. 

  5. %% you may not use this file except in compliance with the License.
    6. 

  6. %% You may obtain a copy of the License at
    7. 

  7. %%
    8. 

  8. %%     http://www.apache.org/licenses/LICENSE-2.0
    9. 

  9. %%
    10. 

  10. %% Unless required by applicable law or agreed to in writing, software
    11. 

  11. %% distributed under the License is distributed on an "AS IS" BASIS,
    12. 

  12. %% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13. 

  13. %% See the License for the specific language governing permissions and
    14. 

  14. %% limitations under the License.
    15. 

  15. %%--------------------------------------------------------------------
    16. 

  16. 

  17. -module(emqx_utils_sql).
    18. 

  18. 

  19. -export([get_statement_type/1]).
    20. 

  20. -export([parse_insert/1]).
    21. 

  21. 

  22. -export([to_sql_value/1]).
    23. 

  23. -export([to_sql_string/2]).
    24. 

  24. 

  25. -export([escape_sql/1]).
    26. 

  26. -export([escape_cql/1]).
    27. 

  27. -export([escape_mysql/1]).
    28. 

  28. 

  29. -export_type([value/0]).
    30. 

  30. 

  31. -type statement_type() :: select | insert | delete | update.
    32. 

  32. -type value() :: null | binary() | number() | boolean() | [value()].
    33. 

  33. 

  34. -dialyzer({no_improper_lists, [escape_mysql/4, escape_prepend/4]}).
    35. 

  35. 

  36. -spec get_statement_type(iodata()) -> statement_type() | {error, unknown}.
    37. 

  37. get_statement_type(Query) ->
    38. 

  38.     KnownTypes = #{
    39. 

  39.         <<"select">> => select,
    40. 

  40.         <<"insert">> => insert,
    41. 

  41.         <<"update">> => update,
    42. 

  42.         <<"delete">> => delete
    43. 

  43.     },
    44. 

  44.     case re:run(Query, <<"^\\s*([a-zA-Z]+)">>, [{capture, all_but_first, binary}]) of
    45. 

  45.         {match, [Token]} ->
    46. 

  46.             maps:get(string:lowercase(Token), KnownTypes, {error, unknown});
    47. 

  47.         _ ->
    48. 

  48.             {error, unknown}
    49. 

  49.     end.
    50. 

  50. 

  51. %% @doc Parse an INSERT SQL statement into its INSERT part and the VALUES part.
    52. 

  52. %% SQL = <<"INSERT INTO \"abc\" (c1, c2, c3) VALUES (${a}, ${b}, ${c.prop})">>
    53. 

  53. %% {ok, {<<"INSERT INTO \"abc\" (c1, c2, c3)">>, <<"(${a}, ${b}, ${c.prop})">>}}
    54. 

  54. -spec parse_insert(iodata()) ->
    55. 

  55.     {ok, {_Statement :: binary(), _Rows :: binary()}} | {error, not_insert_sql}.
    56. 

  56. parse_insert(SQL) ->
    57. 

  57.     case re:split(SQL, "((?i)values)", [{return, binary}]) of
    58. 

  58.         [Part1, _, Part3] ->
    59. 

  59.             case string:trim(Part1, leading) of
    60. 

  60.                 <<"insert", _/binary>> = InsertSQL ->
    61. 

  61.                     {ok, {InsertSQL, Part3}};
    62. 

  62.                 <<"INSERT", _/binary>> = InsertSQL ->
    63. 

  63.                     {ok, {InsertSQL, Part3}};
    64. 

  64.                 _ ->
    65. 

  65.                     {error, not_insert_sql}
    66. 

  66.             end;
    67. 

  67.         _ ->
    68. 

  68.             {error, not_insert_sql}
    69. 

  69.     end.
    70. 

  70. 

  71. %% @doc Convert an Erlang term to a value that can be used primarily in
    72. 

  72. %% prepared SQL statements.
    73. 

  73. -spec to_sql_value(term()) -> value().
    74. 

  74. to_sql_value(undefined) -> null;
    75. 

  75. to_sql_value(List) when is_list(List) -> List;
    76. 

  76. to_sql_value(Bin) when is_binary(Bin) -> Bin;
    77. 

  77. to_sql_value(Num) when is_number(Num) -> Num;
    78. 

  78. to_sql_value(Bool) when is_boolean(Bool) -> Bool;
    79. 

  79. to_sql_value(Atom) when is_atom(Atom) -> atom_to_binary(Atom, utf8);
    80. 

  80. to_sql_value(Map) when is_map(Map) -> emqx_utils_json:encode(Map).
    81. 

  81. 

  82. %% @doc Convert an Erlang term to a string that can be interpolated in literal
    83. 

  83. %% SQL statements. The value is escaped if necessary.
    84. 

  84. -spec to_sql_string(term(), Options) -> unicode:chardata() when
    85. 

  85.     Options :: #{
    86. 

  86.         escaping => mysql | sql | cql,
    87. 

  87.         undefined => null | unicode:chardata()
    88. 

  88.     }.
    89. 

  89. to_sql_string(undefined, #{undefined := Str} = Opts) when Str =/= null ->
    90. 

  90.     to_sql_string(Str, Opts);
    91. 

  91. to_sql_string(undefined, #{}) ->
    92. 

  92.     <<"NULL">>;
    93. 

  93. to_sql_string(String, #{escaping := mysql}) when is_binary(String) ->
    94. 

  94.     try
    95. 

  95.         escape_mysql(String)
    96. 

  96.     catch
    97. 

  97.         throw:invalid_utf8 ->
    98. 

  98.             [<<"0x">>, binary:encode_hex(String)]
    99. 

  99.     end;
    100. 

  100. to_sql_string(Term, #{escaping := mysql}) ->
    101. 

  101.     maybe_escape(Term, fun escape_mysql/1);
    102. 

  102. to_sql_string(Term, #{escaping := cql}) ->
    103. 

  103.     maybe_escape(Term, fun escape_cql/1);
    104. 

  104. to_sql_string(Term, #{}) ->
    105. 

  105.     maybe_escape(Term, fun escape_sql/1).
    106. 

  106. 

  107. -spec maybe_escape(_Value, fun((binary()) -> iodata())) -> unicode:chardata().
    108. 

  108. maybe_escape(Str, EscapeFun) when is_binary(Str) ->
    109. 

  109.     EscapeFun(Str);
    110. 

  110. maybe_escape(Str, EscapeFun) when is_list(Str) ->
    111. 

  111.     case unicode:characters_to_binary(Str) of
    112. 

  112.         Bin when is_binary(Bin) ->
    113. 

  113.             EscapeFun(Bin);
    114. 

  114.         Otherwise ->
    115. 

  115.             error(Otherwise)
    116. 

  116.     end;
    117. 

  117. maybe_escape(Val, EscapeFun) when is_atom(Val) orelse is_map(Val) ->
    118. 

  118.     EscapeFun(emqx_template:to_string(Val));
    119. 

  119. maybe_escape(Val, _EscapeFun) ->
    120. 

  120.     emqx_template:to_string(Val).
    121. 

  121. 

  122. -spec escape_sql(binary()) -> iodata().
    123. 

  123. escape_sql(S) ->
    124. 

  124.     % NOTE
    125. 

  125.     % This is a bit misleading: currently, escaping logic in `escape_sql/1` likely
    126. 

  126.     % won't work with pgsql since it does not support C-style escapes by default.
    127. 

  127.     % https://www.postgresql.org/docs/14/sql-syntax-lexical.html#SQL-SYNTAX-CONSTANTS
    128. 

  128.     ES = binary:replace(S, [<<"\\">>, <<"'">>], <<"\\">>, [global, {insert_replaced, 1}]),
    129. 

  129.     [$', ES, $'].
    130. 

  130. 

  131. -spec escape_cql(binary()) -> iodata().
    132. 

  132. escape_cql(S) ->
    133. 

  133.     ES = binary:replace(S, <<"'">>, <<"'">>, [global, {insert_replaced, 1}]),
    134. 

  134.     [$', ES, $'].
    135. 

  135. 

  136. -spec escape_mysql(binary()) -> iodata().
    137. 

  137. escape_mysql(S0) ->
    138. 

  138.     % https://dev.mysql.com/doc/refman/8.0/en/string-literals.html
    139. 

  139.     [$', escape_mysql(S0, 0, 0, S0), $'].
    140. 

  140. 

  141. %% NOTE
    142. 

  142. %% This thing looks more complicated than needed because it's optimized for as few
    143. 

  143. %% intermediate memory (re)allocations as possible.
    144. 

  144. escape_mysql(<<$', Rest/binary>>, I, Run, Src) ->
    145. 

  145.     escape_prepend(I, Run, Src, [<<"\\'">> | escape_mysql(Rest, I + Run + 1, 0, Src)]);
    146. 

  146. escape_mysql(<<$\\, Rest/binary>>, I, Run, Src) ->
    147. 

  147.     escape_prepend(I, Run, Src, [<<"\\\\">> | escape_mysql(Rest, I + Run + 1, 0, Src)]);
    148. 

  148. escape_mysql(<<0, Rest/binary>>, I, Run, Src) ->
    149. 

  149.     escape_prepend(I, Run, Src, [<<"\\0">> | escape_mysql(Rest, I + Run + 1, 0, Src)]);
    150. 

  150. escape_mysql(<<_/utf8, Rest/binary>> = S, I, Run, Src) ->
    151. 

  151.     CWidth = byte_size(S) - byte_size(Rest),
    152. 

  152.     escape_mysql(Rest, I, Run + CWidth, Src);
    153. 

  153. escape_mysql(<<>>, 0, _, Src) ->
    154. 

  154.     Src;
    155. 

  155. escape_mysql(<<>>, I, Run, Src) ->
    156. 

  156.     binary:part(Src, I, Run);
    157. 

  157. escape_mysql(_, _I, _Run, _Src) ->
    158. 

  158.     throw(invalid_utf8).
    159. 

  159. 

  160. escape_prepend(_RunI, 0, _Src, Tail) ->
    161. 

  161.     Tail;
    162. 

  162. escape_prepend(I, Run, Src, Tail) ->
    163. 

  163.     [binary:part(Src, I, Run) | Tail].
    164.