The following simple example might illustrate what I’m trying to achieve CREATE TABLE tbl0 (a INTEGER PRIMARY KEY, b INTEGER); CREATE TABLE tbl1 (a INTEGER PRIMARY KEY, c INTEGER);
Suppose a user enters the following sql SELECT b, c FROM tbl0 INNER JOIN tbl1 USING (a) WHERE a > ?1; I want to scan the sql, get the tables and columns associated with each ID token, check authorization and do some manipulation of my own. The sqlite3TreeViewSelect returns the following text '-- SELECT (1/2364128) selFlags=0xc4 nSelectRow=179 |-- result-set | |-- {0:1} flags=0x820000 | '-- {1:1} flags=0x820000 |-- FROM | |-- {0,*} tbl0 tab='tbl0' nCol=2 ptr=2421C68 | '-- {1,*} tbl1 tab='tbl1' nCol=2 ptr=2421D88 '-- WHERE '-- AND |-- GT | |-- {0:-1} flags=0x820000 | '-- VARIABLE(?1,1) '-- EQ |-- {0:-1} '-- {1:-1} From this text it would be easy to extract the equivalent sql SELECT t0.b, t1.c FROM tbl0 t0, tbl1 t1 WHERE t0.rowid > ?1 AND t0.rowid = t1.rowid; and I’ll know exactly what every table and column each token ID maps to. I can check the user is allowed to access these and then change any of the sql I want to before executing it. I could use the sqlite3_set_authorizer but the schema.table.column for each ID token isn’t sent to the authorizer callback in the order they appear in the sql. It also mysteriously omits some tokens. e.g. for above sql the authorizer wouldn’t receive a call for the ‘a’ column in USING (a) yet if the sql read SELECT b, c FROM tbl0 INNER JOIN tbl1 ON tbl0.a = tbl1.a WHERE tbl0.a > ?1; the authorizer callback would be called for tbl0.a and tbl1.a. _______________________________________________ sqlite-users mailing list sqlite-users@mailinglists.sqlite.org http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users