checking select query syntax and semantics via php without executing

checking select query syntax and semantics via php without executing

am 05.10.2009 23:34:32 von Marco Dieckhoff

Hi there!

Is it possible in PHP to give a sql (select) query to Postgres via pg_*
so that it is NOT executed but merely checked for syntax including
correct, existing field and table names, and data types?


I'm working on a system where users may assemble their own query in a
construction kit, and want that to be checked, so that they don't e.g.
compare UUID "<" datetime or something like this.


If I try to execute the generated query, bad queries are instantly found
by pg_query.


But good ones are fully executed, which can take a long time depending
on joins and aggregations.

It seems that pg_prepare doesn't return errors on bad queries,
pg_last_error() is empty.

The asynchronous pg_send_query (and pg_cancel_query) seem not to return
any errors, either.

I tried with three queries:

"SELECT * FROM tableok"
"SELECT nonexistingfield FROM nonexistingtable"
"SELECT complete bad / sql query FROM nonsense"


Any ideas?

--
Sent via pgsql-php mailing list (pgsql-php@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-php

Re: checking select query syntax and semantics via php withoutexecuting

am 05.10.2009 23:50:51 von Rod

On 05/10/2009 22:34, Marco Dieckhoff wrote:

> Is it possible in PHP to give a sql (select) query to Postgres via pg_*
> so that it is NOT executed but merely checked for syntax including
> correct, existing field and table names, and data types?

How about prepending "explain" to the query? Just a wild notion.

Ray.


------------------------------------------------------------ ------
Raymond O'Donnell, Director of Music, Galway Cathedral, Ireland
rod@iol.ie
Galway Cathedral Recitals: http://www.galwaycathedral.org/recitals
------------------------------------------------------------ ------

--
Sent via pgsql-php mailing list (pgsql-php@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-php

Re: checking select query syntax and semantics via phpwithout executing

am 06.10.2009 00:01:39 von Bill Moran

In response to Marco Dieckhoff :
>
> Hi there!
>
> Is it possible in PHP to give a sql (select) query to Postgres via pg_*
> so that it is NOT executed but merely checked for syntax including
> correct, existing field and table names, and data types?
>
>
> I'm working on a system where users may assemble their own query in a
> construction kit, and want that to be checked, so that they don't e.g.
> compare UUID "<" datetime or something like this.
>
>
> If I try to execute the generated query, bad queries are instantly found
> by pg_query.
>
>
> But good ones are fully executed, which can take a long time depending
> on joins and aggregations.
>
> It seems that pg_prepare doesn't return errors on bad queries,
> pg_last_error() is empty.
>
> The asynchronous pg_send_query (and pg_cancel_query) seem not to return
> any errors, either.
>
> I tried with three queries:
>
> "SELECT * FROM tableok"
> "SELECT nonexistingfield FROM nonexistingtable"
> "SELECT complete bad / sql query FROM nonsense"
>
>
> Any ideas?

Off the top of my head, you could prefix the query with EXPLAIN, which
will cause it to be planned (thus checking syntax) and return an
execution plan, but not actually run the query.

--
Bill Moran
http://www.potentialtech.com
http://people.collaborativefusion.com/~wmoran/

--
Sent via pgsql-php mailing list (pgsql-php@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-php

Re: checking select query syntax and semantics via php withoutexecuting

am 06.10.2009 00:03:36 von Marco Dieckhoff

Bill Moran schrieb:
> In response to Marco Dieckhoff :
>> Hi there!
>>
>> Is it possible in PHP to give a sql (select) query to Postgres via pg_*
>> so that it is NOT executed but merely checked for syntax including
>> correct, existing field and table names, and data types?

> Off the top of my head, you could prefix the query with EXPLAIN, which
> will cause it to be planned (thus checking syntax) and return an
> execution plan, but not actually run the query.

Works as a charm, thanks to both of you.

Must be one of the quickest "case solved, thread closed" I have ever seen :)



--
Sent via pgsql-php mailing list (pgsql-php@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-php

Re: checking select query syntax and semantics via php without executing

am 06.10.2009 00:06:45 von Christophe Pettus

On Oct 5, 2009, at 3:03 PM, Marco Dieckhoff wrote:
> Must be one of the quickest "case solved, thread closed" I have ever
> seen :)

And you can present the user with the query plan, so they can tell if
they are about to do something horrible to the database. :)

--
-- Christophe Pettus
xof@thebuild.com


--
Sent via pgsql-php mailing list (pgsql-php@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-php