
Bug: Cannot use type::thing in queries as they aren't escaped properly #89

phughk opened this issue Jul 27, 2023 · 2 comments
Labels: bug (Something isn't working), good first issue (Good for newcomers)

Comments

@phughk (Contributor)

phughk commented Jul 27, 2023

Describe the bug

It seems that parameters might not be properly passed as parameters to the db, or something weird is happening. Maybe the query is incorrect, but it seems right. We need a test for this though to be certain. The tests are to verify that parameters and escaping work as expected. We need to consider "thing", "ident", "table", and perhaps several more that need to have formatting handled correctly.

Steps to reproduce

From Discord:

res, err := h.DB.Query(`
    BEGIN TRANSACTION;
    LET $WAREHOUSE = (SELECT * FROM rand::uuid());
    CREATE type::thing("warehouse", $WAREHOUSE) CONTENT {
        name: $name,
        desc: $desc,
        logo: $logo,
        owner: $userID,
        isPhysical: $isPhysical,
        capacity: $capacity
    };
    UPDATE $userID SET owns += type::thing("warehouse", $WAREHOUSE);
    RELATE $userID->manages->type::thing("warehouse", $WAREHOUSE) 
    SET roles = ["owner"];
    COMMIT TRANSACTION;
    `, map[string]interface{}{
        "userID":     data.OwnerID,
        "name":       data.Name,
        "desc":       data.Desc,
        "logo":       data.Logo,
        "isPhysical": data.IsPhysical,
        "capacity":   data.Capacity,
    })

Results in

sending request failed for method 'query': There was a problem with the database: Parse error on line 13 at character 1 when parsing 'RELATE $userID->manages->type::thing("warehouse", $WAREHOUSE)

Workaround was

RELATE user:⟨01899675-7c82-7ed2-8c4b-fb1b59556c1f⟩->manages->warehouse:⟨01899675-7c82-7ed2-8c4b-fb1b59556c1e⟩
    CONTENT {
        roles: ["owner"]
    };

Expected behaviour

The original query should have worked. Or the workaround shouldn't have worked.

SurrealDB version

1.0.0-beta.9+20230726.43794700 for macos on aarch64

Contact Details

hugh@surrealdb.com, < worldwidepaniel on discord >

Is there an existing issue for this?

  • I have searched the existing issues

Code of Conduct

  • I agree to follow this project's Code of Conduct
phughk added the bug and good first issue labels on Jul 27, 2023
@JusticeN

JusticeN commented Aug 4, 2023

Instead of type::thing, why not just use fmt.Sprintf(...) and generate the UUID in Go, not in the SQL query?

...
id := uuid.New() // assumes github.com/google/uuid
tableId := fmt.Sprintf("warehouse:%v", id)
sql := fmt.Sprintf(`CREATE %v CONTENT {
...
}`, tableId)
...
// same with RELATE too

Or use text/template if you feel comfortable with it.
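The escaping concern raised in the report ("thing", "ident", "table" all need their formatting handled) and the fmt.Sprintf approach suggested in the comment above, worked through as an added example written for this page; it is not code from the issue, from its commenters or from surrealdb.go. It assumes SurrealDB's `table:⟨id⟩` quoting, the form the workaround in the report uses, and a driver call of the shape `Query(sql, params)` that binds `$name`-style parameters as the report's query does. `RecordID` and `BuildCreate` are hypothetical helper names; the UUID in `main` is the one from the report's workaround, used here as sample input. The point the example makes: only the locally generated, validated record id is spliced into the statement text, and every user-supplied value stays a bound parameter, so a value that cannot be quoted safely is refused rather than interpolated.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// identRe accepts the plain identifiers SurrealQL takes unquoted for table and
// field names; anything else is rejected rather than escaped.
var identRe = regexp.MustCompile(`^[A-Za-z_][A-Za-z0-9_]*$`)

// RecordID renders table:⟨id⟩ for splicing into query text. The ⟨…⟩ quoting is
// the form used by the workaround in the issue (assumed here to be the right
// way to quote an arbitrary id); ids that could break out of it are refused.
func RecordID(table, id string) (string, error) {
	if !identRe.MatchString(table) {
		return "", fmt.Errorf("table %q is not a plain identifier", table)
	}
	if id == "" {
		return "", errors.New("record id must not be empty")
	}
	// ⟩ would close the quoting; the others could start a new token or statement.
	if strings.ContainsAny(id, "⟨⟩`\"'\n\r;") {
		return "", fmt.Errorf("record id %q contains reserved characters", id)
	}
	return fmt.Sprintf("%s:⟨%s⟩", table, id), nil
}

// BuildCreate returns a CREATE statement plus the parameter map to bind with
// it. Only the locally generated record id is spliced into the text; every
// user-supplied value stays a $parameter for the driver's Query(sql, params)
// call (hypothetical helper; the driver call itself is not shown).
func BuildCreate(table, id string, fields map[string]interface{}) (string, map[string]interface{}, error) {
	rid, err := RecordID(table, id)
	if err != nil {
		return "", nil, err
	}
	keys := make([]string, 0, len(fields))
	for k := range fields {
		if !identRe.MatchString(k) {
			return "", nil, fmt.Errorf("field %q is not a plain identifier", k)
		}
		keys = append(keys, k)
	}
	sort.Strings(keys) // deterministic statement text
	params := make(map[string]interface{}, len(fields))
	parts := make([]string, 0, len(keys))
	for _, k := range keys {
		params[k] = fields[k]
		parts = append(parts, k+": $"+k)
	}
	stmt := fmt.Sprintf("CREATE %s CONTENT { %s };", rid, strings.Join(parts, ", "))
	return stmt, params, nil
}

func main() {
	// Sample id taken from the workaround in the issue; in practice this is
	// uuid.New().String() from github.com/google/uuid, generated in Go as the
	// comment above suggests.
	const sampleID = "01899675-7c82-7ed2-8c4b-fb1b59556c1e"
	stmt, params, err := BuildCreate("warehouse", sampleID, map[string]interface{}{
		"name": "Main depot",
		"desc": "first one",
	})
	if err != nil {
		panic(err)
	}
	fmt.Println(stmt)
	fmt.Println(params)
	// A value that could close the quoting is refused instead of interpolated.
	if _, err := RecordID("warehouse", "abc⟩;"); err != nil {
		fmt.Println("rejected:", err)
	}
}
```

The same `RecordID` result can be passed as a parameter in the map instead of spliced into the text once the escaping bug in the title is fixed; until then, keeping the id on the allow-list side and everything else bound is the conservative choice.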

@agufagit

agufagit commented Aug 17, 2023

I think you can just do

LET $id = CREATE warehouse:uuid() CONTENT ... RETURN id
