author | JamesP <jlp765@gmail.com> | 2015-09-17 09:42:40 +1000 |
---|---|---|
committer | Dominik Picheta <dominikpicheta@gmail.com> | 2015-10-27 11:05:59 +0100 |
commit | 4e19106221931615142384cd82dd07fc3e0f8cc6 (patch) | |
tree | a0624631c4b8d891068f9b68bb27e18dc230b7f0 /lib | |
parent | 86e2d6ee907d4573fecfd2faded6e700cf75c8a3 (diff) | |
add check to dbFormat() to verify parameter substitution has "?" identifier
add check to prepare() that parameter substitution has "$1" identifier
Diffstat (limited to 'lib')
-rw-r--r-- | lib/impure/db_postgres.nim | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/lib/impure/db_postgres.nim b/lib/impure/db_postgres.nim index b75915a72..875eded76 100644 --- a/lib/impure/db_postgres.nim +++ b/lib/impure/db_postgres.nim @@ -64,6 +64,8 @@ proc dbQuote*(s: string): string = proc dbFormat(formatstr: SqlQuery, args: varargs[string]): string = result = "" var a = 0 + if args.len > 0 and not string(formatstr).contains("?"): + dbError("""parameter substitution expects "?" """) for c in items(string(formatstr)): if c == '?': if args[a] == nil: @@ -125,6 +127,8 @@ proc setupQuery(db: DbConn, stmtName: SqlPrepared, proc prepare*(db: DbConn; stmtName: string, query: SqlQuery; nParams: int): SqlPrepared = + if nParams > 0 and not string(query).contains("$1"): + dbError("""parameter substitution expects "$1" """) var res = pqprepare(db, stmtName, query.string, int32(nParams), nil) if pqResultStatus(res) != PGRES_COMMAND_OK: dbError(db) return SqlPrepared(stmtName) |
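Review bot: The guard added to dbFormat only tests that at least one `?` is present, so a placeholder/argument count mismatch still gets through: with more `?` than arguments the visible `args[a]` read would go past the end of `args`, and with fewer the surplus values appear to be dropped without an error. Comparing the counts would catch both cases, e.g. `if args.len != string(formatstr).count('?'): dbError("placeholder/argument count mismatch")` (`count` is in strutils, which the new `contains` call suggests is already imported). The same presence-only test is used in the prepare hunk, where `contains("$1")` says nothing about `$2` up to `$nParams`. The loop body of dbFormat continues outside the hunk, so how `a` is advanced is not visible here.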
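Review bot: prepare is exported and the hunk shows no doc comment between its signature and the new check, so callers are not told that it can now fail before anything is sent to the server. A line directly under the signature such as `## Fails via dbError when nParams > 0 and query contains no "$1" placeholder.` would document the new behaviour and point users at `$1`-style placeholders rather than the `?` form used by dbFormat. Separately, the triple-quoted message ends with a space before the closing quotes (`expects "$1" """`), which ends up in the error text; writing it as `"parameter substitution expects \"$1\""` avoids that, and the same applies to the dbFormat message.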