Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

.Net: Net MEVD: Sqlite escape table and column names, treat empty batches as NOP #11252

Open
wants to merge 6 commits into
base: feature-vector-data-preb2
Choose a base branch
from
Open

.Net: Net MEVD: Sqlite escape table and column names, treat empty batches as NOP #11252

wants to merge 6 commits into from

Conversation

adamsitnik
Copy link
Member

fixes #11251

contributes to #10194

@adamsitnik adamsitnik requested review from roji and westey-m March 28, 2025 13:07
@adamsitnik adamsitnik requested a review from a team as a code owner March 28, 2025 13:07
@markwallace-microsoft markwallace-microsoft added .NET Issue or Pull requests regarding .NET code kernel Issues or pull requests impacting the core kernel memory labels Mar 28, 2025
@github-actions github-actions bot changed the title Net MEVD: Sqlite escape table and column names, treat empty batches as NOP .Net: Net MEVD: Sqlite escape table and column names, treat empty batches as NOP Mar 28, 2025
@adamsitnik adamsitnik mentioned this pull request Mar 31, 2025
Merged
roji
roji requested changes Apr 1, 2025
View reviewed changes
dotnet/src/Connectors/Connectors.Memory.Sqlite/Conditions/SqliteWhereCondition.cs
@@ -15,6 +15,6 @@ internal abstract class SqliteWhereCondition(string operand, List<object> values
public abstract string BuildQuery(List<string> parameterNames);

protected string GetOperand() => !string.IsNullOrWhiteSpace(this.TableName) ?
$"{this.TableName}.{this.Operand}" :
this.Operand;
$"[{this.TableName}].[{this.Operand}]" :
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In SQLite, the standard quoting mechanism is double-quoted (the square brackets is more of a SQL Server thing). In fact I'm surprised this works!

Also, don't we need to escape TableName and Operand, in case they contain special characters?

I'd maybe suggest having a single method somewhere (RenderSqlIdentifier?) which does the quoting and escaping, and used from everywhere (for column, table, index names...).

@adamsitnik adamsitnik mentioned this pull request Apr 4, 2025
Merged
13 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@roji roji roji requested changes

@westey-m westey-m westey-m approved these changes

Assignees
No one assigned
Labels
kernel Issues or pull requests impacting the core kernel memory .NET Issue or Pull requests regarding .NET code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@adamsitnik @roji @westey-m @markwallace-microsoft