authorJamesP <jlp765@gmail.com>2015-09-17 09:42:40 +1000
committerDominik Picheta <dominikpicheta@gmail.com>2015-10-27 11:05:59 +0100
commit4e19106221931615142384cd82dd07fc3e0f8cc6 (patch)
treea0624631c4b8d891068f9b68bb27e18dc230b7f0 /lib
parent86e2d6ee907d4573fecfd2faded6e700cf75c8a3 (diff)
add check to dbFormat() to verify parameter substitution has "?" identifier
add check to prepare() that parameter substitution has "$1" identifier
Diffstat (limited to 'lib')
-rw-r--r--lib/impure/db_postgres.nim4
1 files changed, 4 insertions, 0 deletions
diff --git a/lib/impure/db_postgres.nim b/lib/impure/db_postgres.nim
index b75915a72..875eded76 100644
--- a/lib/impure/db_postgres.nim
+++ b/lib/impure/db_postgres.nim
@@ -64,6 +64,8 @@ proc dbQuote*(s: string): string =
 proc dbFormat(formatstr: SqlQuery, args: varargs[string]): string =
   result = ""
   var a = 0
+  if args.len > 0 and not string(formatstr).contains("?"):
+    dbError("""parameter substitution expects "?" """)
   for c in items(string(formatstr)):
     if c == '?':
       if args[a] == nil:
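Review bot: The guard added at the top of `dbFormat` only proves that at least one `?` is present when arguments are passed, so a format string with more `?` than `args.len`, or a `?` with no arguments at all, still reaches `args[a]` in the loop below. Comparing counts would cover both cases, e.g. `if string(formatstr).count('?') > args.len: dbError("more \"?\" placeholders than arguments")`, assuming `a` is advanced once per placeholder in the part of the loop that lies outside this hunk. Because this proc is where caller values are quoted and spliced into the SQL text, a mismatch should fail with a clear database error rather than an index failure. Note that a `?` inside a quoted SQL literal is also treated as a placeholder by this loop, so the count is an upper bound, not an exact match.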
@@ -125,6 +127,8 @@ proc setupQuery(db: DbConn, stmtName: SqlPrepared,
 
 proc prepare*(db: DbConn; stmtName: string, query: SqlQuery;
               nParams: int): SqlPrepared =
+  if nParams > 0 and not string(query).contains("$1"):
+    dbError("""parameter substitution expects "$1" """)
   var res = pqprepare(db, stmtName, query.string, int32(nParams), nil)
   if pqResultStatus(res) != PGRES_COMMAND_OK: dbError(db)
   return SqlPrepared(stmtName)
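Review bot: `prepare*` is exported but has no doc comment, and after this change the only place a caller learns that it expects `$1`-style placeholders (while `dbFormat` in the same file expects `?`) is the error text. I would add something like `## Creates a prepared statement; write parameters in query as $1, $2, ... (not "?"). Fails via dbError when nParams > 0 and query has no "$1".` directly under the signature. The check itself is a substring test, so it confirms only that `$1` appears somewhere in the text and says nothing about `$2` up to `$nParams`; the comment should not promise more than that. The message `parameter substitution expects "$1" ` also has a trailing space inside the literal that could be dropped.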