Merge pull request #93 from simonbyrne/sb/escape

quinnj · quinnj · commit 29de2b6b4b21 · 2015-12-17T07:26:51.000-07:00
escape identifiers in SQL statements
diff --git a/src/SQLite.jl b/src/SQLite.jl
@@ -187,6 +187,13 @@ function execute!(db::DB,sql::AbstractString)
     return execute!(stmt)
 end
 
+"Escape SQLite identifiers (e.g. column, table or index names). Can be either
+a string, or a vector of strings (note does not check for null characters).
+A vector of identifiers will be separated by commas."
+esc_id(x::AbstractString) = "\""*replace(x,"\"","\"\"")*"\""
+esc_id{S<:AbstractString}(X::AbstractVector{S}) = join(map(esc_id,X),',')
+
+
 # Transaction-based commands
 """
 Begin a transaction in the spedified `mode`, default = "DEFERRED".
@@ -232,43 +239,46 @@ rollback(db) = execute!(db, "ROLLBACK TRANSACTION;")
 rollback(db, name) = execute!(db, "ROLLBACK TRANSACTION TO SAVEPOINT $(name);")
 
 "drop the SQLite table `table` from the database `db`; `ifexists=true` will prevent an error being thrown if `table` doesn't exist"
-function drop!(db::DB,table::AbstractString;ifexists::Bool=false)
-    exists = ifexists ? "if exists" : ""
+function drop!(db::DB, table::AbstractString; ifexists::Bool=false)
+    exists = ifexists ? "IF EXISTS" : ""
     transaction(db) do
-        execute!(db,"drop table $exists $table")
+        execute!(db,"DROP TABLE $exists $(esc_id(table))")
     end
-    execute!(db,"vacuum")
+    execute!(db,"VACUUM")
     return
 end
+
 "drop the SQLite index `index` from the database `db`; `ifexists=true` will not return an error if `index` doesn't exist"
 function dropindex!(db::DB,index::AbstractString;ifexists::Bool=false)
-    exists = ifexists ? "if exists" : ""
+    exists = ifexists ? "IF EXISTS" : ""
     transaction(db) do
-        execute!(db,"drop index $exists $index")
+        execute!(db,"DROP INDEX $exists $(esc_id(index))")
     end
     return
 end
+
 """
-create the SQLite index `index` on the table `table` using `cols`, which may be a single column or comma-delimited list of columns.
+create the SQLite index `index` on the table `table` using `cols`, which may be a single column or vector of columns.
 `unique` specifies whether the index will be unique or not.
 `ifnotexists=true` will not throw an error if the index already exists
 """
-function createindex!(db::DB,table::AbstractString,index::AbstractString,cols
-                    ;unique::Bool=true,ifnotexists::Bool=false)
-    u = unique ? "unique" : ""
-    exists = ifnotexists ? "if not exists" : ""
+function createindex!{S<:AbstractString}(db::DB,table::AbstractString,index::AbstractString,cols::Union{S,AbstractVector{S}}
+                      ;unique::Bool=true,ifnotexists::Bool=false)
+    u = unique ? "UNIQUE" : ""
+    exists = ifnotexists ? "IF NOT EXISTS" : ""
     transaction(db) do
-        execute!(db,"create $u index $exists $index on $table ($cols)")
+        execute!(db,"CREATE $u INDEX $exists $(esc_id(index)) ON $(esc_id(table)) ($(esc_id(cols))")
     end
-    execute!(db,"analyze $index")
+    execute!(db,"ANALYZE $index")
     return
 end
+
 "removes duplicate rows from `table` based on the values in `cols` which may be a single column or comma-delimited list of columns"
 function removeduplicates!(db,table::AbstractString,cols::AbstractString)
     transaction(db) do
-        execute!(db,"delete from $table where rowid not in (select max(rowid) from $table group by $cols);")
+        execute!(db,"DELETE FROM $(esc_id(table)) WHERE _ROWID_ NOT IN (SELECT max(_ROWID_) from $(esc_id(table)) GROUP BY $(esc_id(cols)));")
     end
-    execute!(db,"analyze $table")
+    execute!(db,"ANALYZE $table")
     return
 end
 
diff --git a/src/Sink.jl b/src/Sink.jl
@@ -14,11 +14,11 @@ can optionally provide an existing SQLite table name or new name that a created
 function Sink(schema::Data.Schema,db::DB,tablename::AbstractString="julia_"*randstring();temp::Bool=false,ifnotexists::Bool=true)
     rows, cols = size(schema)
     temp = temp ? "TEMP" : ""
-    ifnotexists = ifnotexists ? "if not exists" : ""
-    columns = [string(schema.header[i],' ',sqlitetype(schema.types[i])) for i = 1:cols]
-    SQLite.execute!(db,"CREATE $temp TABLE $ifnotexists $tablename ($(join(columns,',')))")
+    ifnotexists = ifnotexists ? "IF NOT EXISTS" : ""
+    columns = [string(esc_id(schema.header[i]),' ',sqlitetype(schema.types[i])) for i = 1:cols]
+    SQLite.execute!(db,"CREATE $temp TABLE $ifnotexists $(esc_id(tablename)) ($(join(columns,',')))")
     params = chop(repeat("?,",cols))
-    stmt = SQLite.Stmt(db,"insert into $tablename values ($params)")
+    stmt = SQLite.Stmt(db,"INSERT INTO $(esc_id(tablename)) VALUES ($params)")
     return Sink(schema,db,utf8(tablename),stmt)
 end
 
@@ -58,7 +58,7 @@ function Data.stream!(dt::Data.Table,sink::SQLite.Sink)
             end
         end
     end
-    SQLite.execute!(sink.db,"analyze $(sink.tablename)")
+    SQLite.execute!(sink.db,"ANALYZE $(esc_id(sink.tablename))")
     return sink
 end
 # CSV.Source
@@ -90,6 +90,6 @@ function Data.stream!(source::CSV.Source,sink::SQLite.Sink)
             end
         end
     end
-    SQLite.execute!(sink.db,"analyze $(sink.tablename)")
+    SQLite.execute!(sink.db,"ANALYZE $(esc_id(sink.tablename))")
     return sink
 end
diff --git a/src/Source.jl b/src/Source.jl
@@ -132,9 +132,10 @@ function query(db::DB,sql::AbstractString, values=[];rows::Int=0,stricttypes::Bo
     so = Source(db,sql,values;rows=rows,stricttypes=stricttypes)
     return Data.stream!(so,Data.Table)
 end
+
 "returns a list of tables in `db`"
 tables(db::DB) = query(db,"SELECT name FROM sqlite_master WHERE type='table';")
 "returns a list of indices in `db`"
 indices(db::DB) = query(db,"SELECT name FROM sqlite_master WHERE type='index';")
 "returns a list of columns in `table`"
-columns(db::DB,table::AbstractString) = query(db,"pragma table_info($table)")
+columns(db::DB,table::AbstractString) = query(db,"PRAGMA table_info($(esc_id(table)))")
