mariadb_kernel/mariadb_kernel/mariadb_client.py
Lines 21 to 27 in 0dddfe5

```python
def run_command(self, code, timeout=-1, async_=False):

    # Writing the cell code within a file and then sourcing it in the client
    # offers us a lot of advantages.
    # We avoid Pexpect's limitation of PC_MAX_CANON (1024) chars per line
    # and we also avoid more nasty issues like MariaDB client behaviour
    # sending continuation prompt when "\n" is received.
```

The current implementation of using the mariadb client cli has some limitations.

mariadb_kernel/mariadb_kernel/mariadb_client.py
Line 100 in 0dddfe5

```python
def run_statement(self, code, timeout=-1):
```

The `run_statement` doesn't support parameter substitution, which can lead to unintentional SQL injections while adding more magics:

mariadb_kernel/mariadb_kernel/maria_magics/load.py
Line 46 in 362e378

```python
use_csv_update_table_cmd = f"""LOAD DATA LOCAL INFILE '{self.csv_file_path}'
```

mariadb_kernel/mariadb_kernel/maria_magics/load.py
Line 57 in 362e378

```python
f"select * from {self.table_name} limit 5;"
```

Security is not as much of an issue, but it can lead to issues with some commands, for example if the file is named `' a.csv`.
Trying to escape these edge cases in Python will lead to an imperfect re-implementation of the escaping logic like the original connector.
Ideally, the `run_statement` method should accept a list of substitution parameters like the Python connector:

```python
cur.execute("INSERT INTO test.accounts(first_name, last_name, email, amount) VALUES (?, ?, ?, ?)",
            (first_name, last_name, email, amount))
```

mariadb_kernel/mariadb_kernel/mariadb_client.py
Line 50 in 0dddfe5

```python
self.prompt = re.compile(r"MariaDB \[.*\]>[ \t]")
```

Listening for the `MariaDB []` prompt causes some queries to never finish or truncate the output.
The Python connector will be more reliable as it is both officially supported and thoroughly tested.
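
The file-name edge case and the requested parameter list, as an added example that is not code from the mariadb_kernel project. It assumes a hypothetical `Client.run_statement(code, params)` signature, a hypothetical `quote_identifier` helper and `loaded_files` table, and uses the standard-library `sqlite3` driver as an offline stand-in because it shares the `?` placeholder style shown above.

```python
import re
import sqlite3  # stand-in driver: same "?" placeholder style, runs offline

IDENTIFIER = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


class Client:
    """Hypothetical client: run_statement passes params to the driver."""

    def __init__(self):
        self.conn = sqlite3.connect(":memory:")

    def run_statement(self, code, params=()):
        # Values travel separately from the statement text, so the driver,
        # not string formatting, decides how they are represented.
        return self.conn.execute(code, params).fetchall()


def quote_identifier(name):
    # Placeholders bind values only; table names need an allowlist check.
    if not IDENTIFIER.fullmatch(name):
        raise ValueError(f"refusing identifier {name!r}")
    return f"`{name}`"


def demo():
    client = Client()
    client.run_statement("CREATE TABLE loaded_files (path TEXT)")
    path = "' a.csv"  # constructed file name from the issue's edge case

    # Interpolating the value, as the f-strings do, breaks the statement.
    try:
        client.run_statement(f"INSERT INTO loaded_files VALUES ('{path}')")
        interpolated_ok = True
    except sqlite3.OperationalError:
        interpolated_ok = False

    # Binding the same value succeeds and stores it unchanged.
    client.run_statement("INSERT INTO loaded_files VALUES (?)", (path,))
    table = quote_identifier("loaded_files")
    rows = client.run_statement(f"SELECT * FROM {table} LIMIT ?", (5,))

    try:
        quote_identifier("loaded_files; --")
        rejected = False
    except ValueError:
        rejected = True
    return interpolated_ok, rows, rejected
```

The table name in the `select * from {self.table_name}` line cannot be bound with a placeholder, which is why the example validates it separately instead.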