Начало Каталог Помощ
Вход
kennyh
/
emqx4.3
1
0
Разклонения 0
Файлове Задачи 0 Заявки за сливане 0 Уики
ИН на ревизия: b5b6c3f8cc
Клонове Маркери
emqx4.3
/
apps
/
emqx_utils
/
src
/
emqx_utils_sql.erl

emqx_utils_sql.erl 6.1 KB
История Директен файл

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162 
  1. %%--------------------------------------------------------------------
    2. 

  2. %% Copyright (c) 2022-2023 EMQ Technologies Co., Ltd. All Rights Reserved.
    3. 

  3. %%
    4. 

  4. %% Licensed under the Apache License, Version 2.0 (the "License");
    5. 

  5. %% you may not use this file except in compliance with the License.
    6. 

  6. %% You may obtain a copy of the License at
    7. 

  7. %%
    8. 

  8. %%     http://www.apache.org/licenses/LICENSE-2.0
    9. 

  9. %%
    10. 

  10. %% Unless required by applicable law or agreed to in writing, software
    11. 

  11. %% distributed under the License is distributed on an "AS IS" BASIS,
    12. 

  12. %% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13. 

  13. %% See the License for the specific language governing permissions and
    14. 

  14. %% limitations under the License.
    15. 

  15. %%--------------------------------------------------------------------
    16. 

  16. 

  17. -module(emqx_utils_sql).
    18. 

  18. 

  19. -export([get_statement_type/1]).
    20. 

  20. -export([parse_insert/1]).
    21. 

  21. 

  22. -export([to_sql_value/1]).
    23. 

  23. -export([to_sql_string/2]).
    24. 

  24. 

  25. -export([escape_sql/1]).
    26. 

  26. -export([escape_cql/1]).
    27. 

  27. -export([escape_mysql/1]).
    28. 

  28. 

  29. -export_type([value/0]).
    30. 

  30. 

  31. -type statement_type() :: select | insert | delete.
    32. 

  32. -type value() :: null | binary() | number() | boolean() | [value()].
    33. 

  33. 

  34. -dialyzer({no_improper_lists, [escape_mysql/4, escape_prepend/4]}).
    35. 

  35. 

  36. -spec get_statement_type(iodata()) -> statement_type() | {error, unknown}.
    37. 

  37. get_statement_type(Query) ->
    38. 

  38.     KnownTypes = #{
    39. 

  39.         <<"select">> => select,
    40. 

  40.         <<"insert">> => insert,
    41. 

  41.         <<"delete">> => delete
    42. 

  42.     },
    43. 

  43.     case re:run(Query, <<"^\\s*([a-zA-Z]+)">>, [{capture, all_but_first, binary}]) of
    44. 

  44.         {match, [Token]} ->
    45. 

  45.             maps:get(string:lowercase(Token), KnownTypes, {error, unknown});
    46. 

  46.         _ ->
    47. 

  47.             {error, unknown}
    48. 

  48.     end.
    49. 

  49. 

  50. %% @doc Parse an INSERT SQL statement into its INSERT part and the VALUES part.
    51. 

  51. %% SQL = <<"INSERT INTO \"abc\" (c1, c2, c3) VALUES (${a}, ${b}, ${c.prop})">>
    52. 

  52. %% {ok, {<<"INSERT INTO \"abc\" (c1, c2, c3)">>, <<"(${a}, ${b}, ${c.prop})">>}}
    53. 

  53. -spec parse_insert(iodata()) ->
    54. 

  54.     {ok, {_Statement :: binary(), _Rows :: binary()}} | {error, not_insert_sql}.
    55. 

  55. parse_insert(SQL) ->
    56. 

  56.     case re:split(SQL, "((?i)values)", [{return, binary}]) of
    57. 

  57.         [Part1, _, Part3] ->
    58. 

  58.             case string:trim(Part1, leading) of
    59. 

  59.                 <<"insert", _/binary>> = InsertSQL ->
    60. 

  60.                     {ok, {InsertSQL, Part3}};
    61. 

  61.                 <<"INSERT", _/binary>> = InsertSQL ->
    62. 

  62.                     {ok, {InsertSQL, Part3}};
    63. 

  63.                 _ ->
    64. 

  64.                     {error, not_insert_sql}
    65. 

  65.             end;
    66. 

  66.         _ ->
    67. 

  67.             {error, not_insert_sql}
    68. 

  68.     end.
    69. 

  69. 

  70. %% @doc Convert an Erlang term to a value that can be used primarily in
    71. 

  71. %% prepared SQL statements.
    72. 

  72. -spec to_sql_value(term()) -> value().
    73. 

  73. to_sql_value(undefined) -> null;
    74. 

  74. to_sql_value(List) when is_list(List) -> List;
    75. 

  75. to_sql_value(Bin) when is_binary(Bin) -> Bin;
    76. 

  76. to_sql_value(Num) when is_number(Num) -> Num;
    77. 

  77. to_sql_value(Bool) when is_boolean(Bool) -> Bool;
    78. 

  78. to_sql_value(Atom) when is_atom(Atom) -> atom_to_binary(Atom, utf8);
    79. 

  79. to_sql_value(Map) when is_map(Map) -> emqx_utils_json:encode(Map).
    80. 

  80. 

  81. %% @doc Convert an Erlang term to a string that can be interpolated in literal
    82. 

  82. %% SQL statements. The value is escaped if necessary.
    83. 

  83. -spec to_sql_string(term(), Options) -> unicode:chardata() when
    84. 

  84.     Options :: #{
    85. 

  85.         escaping => mysql | sql | cql,
    86. 

  86.         undefined => null | unicode:chardata()
    87. 

  87.     }.
    88. 

  88. to_sql_string(undefined, #{undefined := Str} = Opts) when Str =/= null ->
    89. 

  89.     to_sql_string(Str, Opts);
    90. 

  90. to_sql_string(undefined, #{}) ->
    91. 

  91.     <<"NULL">>;
    92. 

  92. to_sql_string(String, #{escaping := mysql}) when is_binary(String) ->
    93. 

  93.     try
    94. 

  94.         escape_mysql(String)
    95. 

  95.     catch
    96. 

  96.         throw:invalid_utf8 ->
    97. 

  97.             [<<"0x">>, binary:encode_hex(String)]
    98. 

  98.     end;
    99. 

  99. to_sql_string(Term, #{escaping := mysql}) ->
    100. 

  100.     maybe_escape(Term, fun escape_mysql/1);
    101. 

  101. to_sql_string(Term, #{escaping := cql}) ->
    102. 

  102.     maybe_escape(Term, fun escape_cql/1);
    103. 

  103. to_sql_string(Term, #{}) ->
    104. 

  104.     maybe_escape(Term, fun escape_sql/1).
    105. 

  105. 

  106. -spec maybe_escape(_Value, fun((binary()) -> iodata())) -> unicode:chardata().
    107. 

  107. maybe_escape(Str, EscapeFun) when is_binary(Str) ->
    108. 

  108.     EscapeFun(Str);
    109. 

  109. maybe_escape(Str, EscapeFun) when is_list(Str) ->
    110. 

  110.     case unicode:characters_to_binary(Str) of
    111. 

  111.         Bin when is_binary(Bin) ->
    112. 

  112.             EscapeFun(Bin);
    113. 

  113.         Otherwise ->
    114. 

  114.             error(Otherwise)
    115. 

  115.     end;
    116. 

  116. maybe_escape(Val, EscapeFun) when is_atom(Val) orelse is_map(Val) ->
    117. 

  117.     EscapeFun(emqx_template:to_string(Val));
    118. 

  118. maybe_escape(Val, _EscapeFun) ->
    119. 

  119.     emqx_template:to_string(Val).
    120. 

  120. 

  121. -spec escape_sql(binary()) -> iodata().
    122. 

  122. escape_sql(S) ->
    123. 

  123.     % NOTE
    124. 

  124.     % This is a bit misleading: currently, escaping logic in `escape_sql/1` likely
    125. 

  125.     % won't work with pgsql since it does not support C-style escapes by default.
    126. 

  126.     % https://www.postgresql.org/docs/14/sql-syntax-lexical.html#SQL-SYNTAX-CONSTANTS
    127. 

  127.     ES = binary:replace(S, [<<"\\">>, <<"'">>], <<"\\">>, [global, {insert_replaced, 1}]),
    128. 

  128.     [$', ES, $'].
    129. 

  129. 

  130. -spec escape_cql(binary()) -> iodata().
    131. 

  131. escape_cql(S) ->
    132. 

  132.     ES = binary:replace(S, <<"'">>, <<"'">>, [global, {insert_replaced, 1}]),
    133. 

  133.     [$', ES, $'].
    134. 

  134. 

  135. -spec escape_mysql(binary()) -> iodata().
    136. 

  136. escape_mysql(S0) ->
    137. 

  137.     % https://dev.mysql.com/doc/refman/8.0/en/string-literals.html
    138. 

  138.     [$', escape_mysql(S0, 0, 0, S0), $'].
    139. 

  139. 

  140. %% NOTE
    141. 

  141. %% This thing looks more complicated than needed because it's optimized for as few
    142. 

  142. %% intermediate memory (re)allocations as possible.
    143. 

  143. escape_mysql(<<$', Rest/binary>>, I, Run, Src) ->
    144. 

  144.     escape_prepend(I, Run, Src, [<<"\\'">> | escape_mysql(Rest, I + Run + 1, 0, Src)]);
    145. 

  145. escape_mysql(<<$\\, Rest/binary>>, I, Run, Src) ->
    146. 

  146.     escape_prepend(I, Run, Src, [<<"\\\\">> | escape_mysql(Rest, I + Run + 1, 0, Src)]);
    147. 

  147. escape_mysql(<<0, Rest/binary>>, I, Run, Src) ->
    148. 

  148.     escape_prepend(I, Run, Src, [<<"\\0">> | escape_mysql(Rest, I + Run + 1, 0, Src)]);
    149. 

  149. escape_mysql(<<_/utf8, Rest/binary>> = S, I, Run, Src) ->
    150. 

  150.     CWidth = byte_size(S) - byte_size(Rest),
    151. 

  151.     escape_mysql(Rest, I, Run + CWidth, Src);
    152. 

  152. escape_mysql(<<>>, 0, _, Src) ->
    153. 

  153.     Src;
    154. 

  154. escape_mysql(<<>>, I, Run, Src) ->
    155. 

  155.     binary:part(Src, I, Run);
    156. 

  156. escape_mysql(_, _I, _Run, _Src) ->
    157. 

  157.     throw(invalid_utf8).
    158. 

  158. 

  159. escape_prepend(_RunI, 0, _Src, Tail) ->
    160. 

  160.     Tail;
    161. 

  161. escape_prepend(I, Run, Src, Tail) ->
    162. 

  162.     [binary:part(Src, I, Run) | Tail].
    163.