On Jul 16, 2010, at 6:33 AM, JT Olds wrote: > I really would rather not depend on what is in the SQL itself, as the > concern I have has nothing to do with whether or not the user runs > SELECT, but whether or not this will cause the library to write to > disk. I'd love to decouple those two things. > > To that end, from an API perspective, is it safe to cast a sqlite_stmt > struct to the Vdbe struct, and just check the readOnly flag? In other > words, how static is that struct? My Lua interface could require that > all SQL gets prepared, and then I could reject prepared statements > that aren't readOnly myself.
Unsafe. Using the authorizer callback instead to figure out if a statement may write the database is a better way: http://www.sqlite.org/c3ref/c_alter_table.html http://www.sqlite.org/c3ref/set_authorizer.html > > -JT > > On Thu, Jul 15, 2010 at 12:41 PM, Jim Morris <jmor...@bearriver.com> > wrote: >> You also need to watch for multiple command separated via ';' >> >> On 7/15/2010 11:36 AM, JT Olds wrote: >>> I considered that also, but I wasn't sure about whether or not that >>> guaranteed no disk writes (maybe some sort of function call might be >>> made there). That also restricts things like the usage of in-memory >>> temp tables that might be useful. It appears that sqlite knows >>> whether >>> or not a statement will definitively, actually hit disk, whereas >>> filtering by SELECT seemed unclear to me as to whether it would >>> quite >>> cover or catch everything. >>> >>> If that is truly the best way, then that's fine I guess. >>> >>> -JT >>> >>> On Thu, Jul 15, 2010 at 12:25 PM, Simon >>> Slavin<slav...@bigfraud.org> wrote: >>> >>>> On 15 Jul 2010, at 7:07pm, JT Olds wrote: >>>> >>>> >>>>> is there a way to check a prepared statement >>>>> before allowing its use as to if it will attempt to write to disk? >>>>> >>>> You could perhaps accept only statements that start with >>>> 'SELECT'. It depends on how you're passing them to SQLite. >>>> >>>> Simon. >>>> _______________________________________________ >>>> sqlite-users mailing list >>>> sqlite-users@sqlite.org >>>> http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users >>>> >>>> >>> _______________________________________________ >>> sqlite-users mailing list >>> sqlite-users@sqlite.org >>> http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users >>> >>> >> _______________________________________________ >> sqlite-users mailing list >> sqlite-users@sqlite.org >> http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users >> > _______________________________________________ > sqlite-users mailing list > sqlite-users@sqlite.org > http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users _______________________________________________ sqlite-users mailing list sqlite-users@sqlite.org http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
