From e308b0c1f9e35dc62d094684a69c8037592f108e Mon Sep 17 00:00:00 2001
From: tmdoit
Date: Thu, 19 Jul 2018 13:33:43 +0200
Subject: [PATCH] Add support for batch of SQL statements (#466)
* Add support for batch of SQL statements
---
 storage/sqlite/sqlite.html | 6 ++++--
 storage/sqlite/sqlite.js | 21 +++++++++++++++++----
 2 files changed, 21 insertions(+), 6 deletions(-)
diff --git a/storage/sqlite/sqlite.html b/storage/sqlite/sqlite.html
index a38a0519..78a0d322 100644
--- a/storage/sqlite/sqlite.html
+++ b/storage/sqlite/sqlite.html
@@ -34,6 +34,7 @@
+
@@ -53,7 +54,8 @@

SQL Query Via msg.topic and Fixed Statement uses the db.all operation against the configured database. This does allow INSERTS, UPDATES and DELETES. By its very nature it is SQL injection... so be careful out there...

SQL Type Prepared Statement also uses db.all but sanitizes parameters passed, eliminating the possibility of SQL injection.

-

When using msg.topic msg.topic must hold the query for the database.

+

SQL Type Batch without response uses db.exec which runs all SQL statements in the provided string. No result rows are returned.

+

When using Via msg.topic or Batch without response msg.topic must hold the query for the database.

When using Normal or Prepared the query must be entered in the node config.

Pass in the parameters as an object in msg.params for Prepared. Ex:
msg.params = {
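Review bot: The new Batch without response paragraph needs the same injection caveat that the Via msg.topic paragraph carries, because by its own description db.exec runs every statement in the string taken from msg.topic and nothing in this text suggests parameters are bound. I would append a sentence to that paragraph, for example `As with Via msg.topic, the statements are executed exactly as received, so msg.topic must only ever be built from trusted input.` The same point applies to the db.exec call added in the sqlite.js hunk, where a one-line comment above the call would carry it into the code. The surrounding markup is not visible in this rendering, so the exact placement is approximate.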
@@ -111,7 +113,7 @@
 });
 $("#node-input-sqlquery").change(function() {
- if ($("#node-input-sqlquery").val() == "msg.topic"){
+ if ($("#node-input-sqlquery").val() == "msg.topic" || $("#node-input-sqlquery").val() == "batch"){
 $("#node-input-sqllabel").hide();
 $("#node-input-sql-editor").hide();
 }
diff --git a/storage/sqlite/sqlite.js b/storage/sqlite/sqlite.js
index bb5b8dd4..ffb0ab9f 100644
--- a/storage/sqlite/sqlite.js
+++ b/storage/sqlite/sqlite.js
@@ -55,10 +55,23 @@ module.exports = function(RED) {
 });
 }
 else {
- if (typeof msg.topic !== 'string') {
- node.error("msg.topic : the query is not defined as a string",msg);
- node.status({fill:"red",shape:"dot",text:"msg.topic error"});
- }
+ node.error("msg.topic : the query is not defined as a string",msg);
+ node.status({fill:"red",shape:"dot",text:"msg.topic error"});
+ }
+ }
+ if (this.sqlquery == "batch") {
+ if (typeof msg.topic === 'string') {
+ node.mydbConfig.db.exec(msg.topic, function(err) {
+ if (err) { node.error(err,msg);}
+ else {
+ msg.payload = [];
+ node.send(msg);
+ }
+ });
+ }
+ else {
+ node.error("msg.topic : the query is not defined as string", msg);
+ node.status({fill:"red", shape:"dot",text:"msg.topic error"});
 }
 }
 if (this.sqlquery == "fixed"){
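Review bot: In the new batch branch the db.exec error callback only calls `node.error(err,msg)`, whereas the type-check failure a few lines below also sets a red status, so a failed batch leaves the node's status unchanged. SQLite's exec stops at the first failing statement and, unless the batch opens its own transaction, the statements before it stay applied, so this is the path where an operator most needs a visible signal. I would change the error line to `if (err) { node.error(err,msg); node.status({fill:"red",shape:"dot",text:"batch error"}); }` and mention `BEGIN`/`COMMIT` wrapping in the help text. The message in this branch also reads "as string" where the msg.topic branch says "as a string". The enclosing input handler starts and ends outside this hunk.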