[−][src]Crate concatsql
ConcatSQL
concatsql is a secure library for PostgreSQL, MySQL and SQLite.
Unlike other libraries, you can use string concatenation to prevent SQL injection.
use concatsql::prelude::*; fn main() { let conn = concatsql::sqlite::open(":memory:").unwrap(); conn.execute(r#" CREATE TABLE users (name TEXT, age INTEGER); INSERT INTO users (name, age) VALUES ('Alice', 42); INSERT INTO users (name, age) VALUES ('Bob', 69); "#).unwrap(); let age = String::from("42"); // user input let sql = prep!("SELECT name FROM users WHERE age = ") + &age; // At runtime it will be transformed into a query like assert_eq!(sql.simulate(), "SELECT name FROM users WHERE age = '42'"); for row in conn.rows(&sql).unwrap() { assert_eq!(row.get(0).unwrap(), "Alice"); assert_eq!(row.get("name").unwrap(), "Alice"); } let age = String::from("42 OR 1=1; --"); // user input let sql = prep!("SELECT name FROM users WHERE age = ") + &age; // At runtime it will be transformed into a query like assert_eq!(sql.simulate(), "SELECT name FROM users WHERE age = '42 OR 1=1; --'"); conn.iterate(&sql, |_| { unreachable!() }).unwrap(); }
Modules
| mysql | mysqlInterface to MySQL of ConcatSQL. |
| postgres | postgresInterface to PostgreSQL of ConcatSQL. |
| prelude | Re-exports important traits and types. |
| sqlite | sqliteInterface to SQLite of ConcatSQL. |
Macros
| prep | Prepare a SQL statement for execution. |
| sanitize_like | Sanitizes a string so that it is safe to use within an SQL LIKE statement. |
Structs
| Connection | A database connection. |
| Row | A single result row of a query. |
| WrapString | Wraps a String type. |
Enums
| Error | Enum listing possible errors from concatsql. |
| ErrorLevel | Change the output error message. |
Traits
| FromSql | Parse a value from a sql string. |
| Get | A trait implemented by types that can index into columns of a row. |
| IntoWrapString | A trait for converting a value to a WrapString. |
Functions
| html_special_chars | Convert special characters to HTML entities. |
| without_escape⚠ | Does not escape. |
Type Definitions
| Result | A typedef of the result returned by many methods. |