Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adds support for {uuid:...} as a database query token #7968

Merged
merged 1 commit into from
Dec 23, 2023
Merged

Adds support for {uuid:...} as a database query token #7968

merged 1 commit into from
Dec 23, 2023

Conversation

Sesquipedalian
Copy link
Member

@Sesquipedalian Sesquipedalian commented Dec 23, 2023
edited
Loading

Adds support for using {uuid:...} as a database query type token in the replacement__callback() methods of our DatabaseApi classes.

This allows us to perform input sanitization on SMF\Uuid objects and/or plain UUID strings that are passed as parameters to queries.

Example:

Db::$db->query(
	'',
	'UPDATE {db_prefix}tablename
	SET foo = {uuid:bar}
	WHERE id = {int:id_number}'
	[
		'id_number' => 1,
		'bar' = new Uuid(7),
	]
);

Prior to this PR, the best we could have done would have been to cast the Uuid object to a string and then used {string:bar} in the query. That was inadequate for two reasons:

  1. Treating UUIDs as strings would not have provided any guarantee that the value of the bar parameter really was a UUID.
  2. Treating UUIDs as strings would have prevented us from using optimized data types for storing UUIDs. In PostgreSQL, it is best to store UUIDs using the dedicated UUID data type. In MySQL, it is best to store UUIDs in raw binary form.

@albertlast: I don't have a PostgreSQL instance up and running at the moment. Could you please test to verify that this code behaves as expected on PostgreSQL?

To do that, please:

  1. Create a table in your SMF database something like this, and then insert a row into it.
CREATE TABLE tablename (
	id serial primary key,
	foo uuid not null
);
  1. Run the example code given earlier in this post and make sure it works as expected. The results should be that a new UUIDv7 is stored in the foo column of row 1.

@Sesquipedalian Sesquipedalian added this to the 3.0 Alpha 1 milestone Dec 23, 2023
albertlast
albertlast suggested changes Dec 23, 2023
View reviewed changes
Sources/Db/APIs/PostgreSQL.php Outdated
@@ -2328,6 +2329,21 @@ protected function replacement__callback(array $matches): string
case 'raw':
return (string) $replacement;

case 'uuid':
if ($replacement instanceof Uuid) {
return (string) $replacement;
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

quotes are missing,
since we had to add them we can also force the datatype:

return sprintf('\'%1$s\'::uuid', (string) $replacement);

Sources/Db/APIs/PostgreSQL.php Outdated
$uuid = @Uuid::createFromString($replacement, false);

if (in_array($replacement, [(string) $uuid, $uuid->getShortForm(), $uuid->getBinary()])) {
return (string) $uuid;
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

quotes are missing,
since we had to add them we can also force the datatype:

return sprintf('\'%1$s\'::uuid',  (string) $uuid);

@Sesquipedalian
Copy link
Member Author

Thanks, @albertlast.

@Sesquipedalian Sesquipedalian merged commit c977075 into SimpleMachines:release-3.0 Dec 23, 2023
3 checks passed
@Sesquipedalian Sesquipedalian deleted the uuid_db branch December 23, 2023 23:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@albertlast albertlast albertlast requested changes

Assignees
No one assigned
Labels
Database
Projects
None yet
Milestone
3.0 Alpha 1
Development

Successfully merging this pull request may close these issues.
2 participants
@Sesquipedalian @albertlast