Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

DBI Improvements #48

Open
wants to merge 5 commits into
base: master
Choose a base branch
from
Open

DBI Improvements #48

wants to merge 5 commits into from

Conversation

defc0n
Copy link

@defc0n defc0n commented Oct 19, 2022

These changes fix/improve the following with the Plack::Session::Store::DBI module:

  • Fix SQL quoting issues with table / column names
  • Add support for data_column & id_column attributes to customize
  • Add support for additional_column_data() customization

Josh Ballard added 4 commits October 18, 2022 14:00
Allow specification of the id and data columns.
406115c 
This is a natural extension to the existing code to allow for maximum
flexibility, should a user be converting from an existing DBI-backed
session store, but wanting to convert to Plack::Middleware::Session.
Allow for extending modules to set DB data columns.
a99031b 
This isn't immediately useful for this exact module, but doesn't change
the structure of the written SQL when unextended, and allows for
significant extension of DBI-backed session stores.
Rework DBI tests to exercise options, not just defaults.
569bb4f
Fix issues with quoting in DBI Store.
e732cf6
@haarg
Copy link
Member

haarg commented Oct 19, 2022

This generally looks good, but could be a problem for some uses. Without this, the table name could be specified with a schema, like other_database.my_table_name.

@defc0n
Copy link
Author

defc0n commented Oct 20, 2022

What about doing something like:

diff --git a/lib/Plack/Session/Store/DBI.pm b/lib/Plack/Session/Store/DBI.pm
index e8a1176..6822f87 100644
--- a/lib/Plack/Session/Store/DBI.pm
+++ b/lib/Plack/Session/Store/DBI.pm
@@ -48,7 +48,7 @@ sub fetch {
         sprintf(
             "SELECT %s FROM %s WHERE %s = ?",
             $dbh->quote_identifier($data_column),
-            $dbh->quote_identifier($table_name),
+            $self->_quote_table_name($table_name),
             $dbh->quote_identifier($id_column),
         )
     );
@@ -72,7 +72,7 @@ sub store {
     my $sth = $dbh->prepare_cached(
         sprintf(
             "SELECT 1 FROM %s WHERE %s = ?",
-            $dbh->quote_identifier($table_name),
+            $self->_quote_table_name($table_name),
             $dbh->quote_identifier($id_column),
         )
     );
@@ -96,7 +96,7 @@ sub store {
         my $sth = $dbh->prepare_cached(
             sprintf(
                 "UPDATE %s SET %s WHERE %s = ?",
-                $dbh->quote_identifier($table_name),
+                $self->_quote_table_name($table_name),
                 join(',', map { $dbh->quote_identifier($_).' = ?' } @columns),
                 $dbh->quote_identifier($id_column),
             )
@@ -107,7 +107,7 @@ sub store {
         my $sth = $dbh->prepare_cached(
             sprintf(
                 "INSERT INTO %s (%s) VALUES (%s)",
-                $dbh->quote_identifier($table_name),
+                $self->_quote_table_name($table_name),
                 join(',', map { $dbh->quote_identifier($_) } @columns),
                 join(',', map { '?' } @columns),
             )
@@ -125,7 +125,7 @@ sub remove {
     my $sth = $self->_dbh->prepare_cached(
         sprintf(
             "DELETE FROM %s WHERE %s = ?",
-            $self->_dbh->quote_identifier($table_name),
+            $self->_quote_table_name($table_name),
             $self->_dbh->quote_identifier($id_column),
         )
     );
@@ -133,6 +133,12 @@ sub remove {
     $sth->finish;
 }

+sub _quote_table_name {
+    my ($self, $table_name) = @_;
+    my @parts = split /\./, $table_name;
+    return join '.', map { $self->_dbh->quote_identifier( $_ ) } @parts;
+}
+
 1;

 __END__
diff --git a/t/006_basic_w_dbi_store.t b/t/006_basic_w_dbi_store.t
index e223792..662d180 100644
--- a/t/006_basic_w_dbi_store.t
+++ b/t/006_basic_w_dbi_store.t
@@ -95,4 +95,8 @@ TestSession::run_all_tests(

 $dbh->disconnect;

+my $store = Plack::Session::Store::DBI->new( dbh => $dbh );
+is $store->_quote_table_name('mysession'), '"mysession"';
+is $store->_quote_table_name('otherdb.mysession'), '"otherdb"."mysession"';
+
 done_testing;

@haarg
Copy link
Member

haarg commented Oct 23, 2022

That seems like a reasonable solution to me.

Don't misquote table_name prefixed w/ database
ec5de6c 
In other words, make sure a table_name of somedatabase.sometable gets quoted as
`somedatabase`.`sometable and not `somedatabase.sometable`.
@defc0n
Copy link
Author

defc0n commented Oct 17, 2023

That seems like a reasonable solution to me.

@haarg any chance this could be included in a release soon?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@defc0n @haarg