Check SQL query passed to execute

When `extra_check` feature is activated: Fail when query has a column count > 0 Or when query is readonly.
2025-08-20 21:09:31 +08:00 · 2019-08-26 20:21:23 +02:00
parent 835b69fcb7
commit 00d50199a2
5 changed files with 34 additions and 5 deletions
--- a/src/collation.rs
+++ b/src/collation.rs
@@ -125,7 +125,9 @@ impl InnerConnection {
                    str::from_utf8_unchecked(c_slice)
                };
                callback(&conn, collation_name)
-            }).is_err() {
+            })
+            .is_err()
+            {
                return; // FIXME How ?
            }
        }
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -890,7 +890,8 @@ mod test {
            )
            .expect("create temp db");

-        let mut db1 = Connection::open_with_flags(&path, OpenFlags::SQLITE_OPEN_READ_WRITE).unwrap();
+        let mut db1 =
+            Connection::open_with_flags(&path, OpenFlags::SQLITE_OPEN_READ_WRITE).unwrap();
        let mut db2 = Connection::open_with_flags(&path, OpenFlags::SQLITE_OPEN_READ_ONLY).unwrap();

        db1.busy_timeout(Duration::from_millis(0)).unwrap();
--- a/src/statement.rs
+++ b/src/statement.rs
@@ -511,6 +511,7 @@ impl Statement<'_> {
    }

    fn execute_with_bound_parameters(&mut self) -> Result<usize> {
+        self.check_update()?;
        let r = self.stmt.step();
        self.stmt.reset();
        match r {
@@ -547,6 +548,30 @@ impl Statement<'_> {
        Ok(())
    }

+    #[cfg(all(feature = "bundled", feature = "extra_check"))]
+    #[inline]
+    fn check_update(&self) -> Result<()> {
+        if self.column_count() > 0 || self.stmt.readonly() {
+            return Err(Error::ExecuteReturnedResults);
+        }
+        Ok(())
+    }
+
+    #[cfg(all(not(feature = "bundled"), feature = "extra_check"))]
+    #[inline]
+    fn check_update(&self) -> Result<()> {
+        if self.column_count() > 0 {
+            return Err(Error::ExecuteReturnedResults);
+        }
+        Ok(())
+    }
+
+    #[cfg(not(feature = "extra_check"))]
+    #[inline]
+    fn check_update(&self) -> Result<()> {
+        Ok(())
+    }
+
    /// Returns a string containing the SQL text of prepared statement with
    /// bound parameters expanded.
    #[cfg(feature = "bundled")]