Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(sanitization): support bigint params by not wrapping them in quotes #159

Merged
merged 2 commits into from
Jan 18, 2024
Merged

feat(sanitization): support bigint params by not wrapping them in quotes #159

merged 2 commits into from
Jan 18, 2024

Conversation

jkomyno
Copy link
Contributor

@jkomyno jkomyno commented Jan 18, 2024

Hi 👋🏻, Alberto from @prisma here.

This PR fixes a surprising behavior we at @prisma found while adding new tests for an internal PR related to our new Driver Adapters feature.

We noticed that the JavaScript PlanetScale driver currently doesn't support bigint query parameters: these parameters are treated as strings by the client-side sanitization routine, causing SQL syntax errors at runtime.
For instance, SELECT * FROM user LIMIT ? with parameters [1n] is validated as SELECT * FROM user LIMIT '1', which of course results in a SQL error.

Here is the relevant output of pnpm test after adding this new test:

 FAIL  __tests__/sanitization.test.ts
  ● sanitization › format › formats bigint values

    expect(received).toEqual(expected) // deep equality

    Expected: "select 1 from user where id=12 and id2=42 and id3=9223372036854775807"
    Received: "select 1 from user where id='12' and id2='42' and id3='9223372036854775807'"

      40 |       const query = 'select 1 from user where id=? and id2=? and id3=?'
      41 |       const expected = 'select 1 from user where id=12 and id2=42 and id3=9223372036854775807'
    > 42 |       expect(format(query, [12n, 42n, 9223372036854775807n])).toEqual(expected)
         |                                                               ^
      43 |     })
      44 |
      45 |     test('formats string values', () => {

      at Object.<anonymous> (__tests__/sanitization.test.ts:42:63)

If we apply the same sanitization logic currently applied on number query parameters, the tests pass.

 PASS  __tests__/sanitization.test.ts
 PASS  __tests__/index.test.ts
 PASS  __tests__/text.test.ts

Test Suites: 3 passed, 3 total
Tests:       54 passed, 54 total
Snapshots:   0 total
Time:        0.604 s, estimated 1 s
Ran all test suites

I'm of course available for feedback concerning this PR :)

@jkomyno jkomyno mentioned this pull request Jan 18, 2024
Merged
@jkomyno jkomyno marked this pull request as ready for review January 18, 2024 18:51
@mattrobenolt mattrobenolt requested a review from ayrton January 18, 2024 18:52
ayrton
ayrton approved these changes Jan 18, 2024
View reviewed changes
Copy link
Contributor

@ayrton ayrton left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the contribution Alberto. This looks great

@ayrton ayrton merged commit e3a5e04 into planetscale:main Jan 18, 2024
5 checks passed
@shiyuhang0 shiyuhang0 mentioned this pull request Feb 18, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ayrton ayrton ayrton approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jkomyno @ayrton