Module: Dbviewer::QueryOperations

Extended by:: ActiveSupport::Concern

Included in:: DatabaseOperations

Defined in:: app/controllers/concerns/dbviewer/query_operations.rb

Instance Method Summary collapse

#default_query(table_name) ⇒ Object
#execute_query(query) ⇒ Object

Execute the prepared SQL query.
#prepare_query(table_name, query) ⇒ Object

Prepare the SQL query - either from params or default.

Instance Method Details

#default_query(table_name) ⇒ `Object`

# File 'app/controllers/concerns/dbviewer/query_operations.rb', line 23

def default_query(table_name)
  quoted_table = safe_quote_table_name(table_name)
  "SELECT * FROM #{quoted_table} LIMIT 100"
end

#execute_query(query) ⇒ `Object`

Execute the prepared SQL query



19
20
21

# File 'app/controllers/concerns/dbviewer/query_operations.rb', line 19

def execute_query(query)
  database_manager.execute_query(@query)
end

#prepare_query(table_name, query) ⇒ `Object`

Prepare the SQL query - either from params or default

# File 'app/controllers/concerns/dbviewer/query_operations.rb', line 6

def prepare_query(table_name, query)
  query = query.present? ? query.to_s : default_query(table_name)

  # Validate query for security
  unless ::Dbviewer::Validator::Sql.safe_query?(query)
    query = default_query(table_name)
    flash.now[:warning] = "Only SELECT queries are allowed. Your query contained potentially unsafe operations. Using default query instead."
  end

  query
end

Module: Dbviewer::QueryOperations

Instance Method Summary collapse

Instance Method Details

#default_query(table_name) ⇒ Object

#execute_query(query) ⇒ Object

#prepare_query(table_name, query) ⇒ Object

#default_query(table_name) ⇒ `Object`

#execute_query(query) ⇒ `Object`

#prepare_query(table_name, query) ⇒ `Object`