René's URL Explorer Experiment


Title: Support prepared statements and parameters by vhiairrassary · Pull Request #21 · Query-farm/httpserver · GitHub

Description:

Hello, I need to support untrusted inputs so I have created this PR as a starting point to see if you would be interested to have this feature merged upstream, and if yes, to discuss the details.

How it works

- If there is no parameter then execution did not change
- If there is at least one parameter then I prepare a statement, extract the named values (this PoC does not support positional parameters, but it can be easily done. As a personal note I find them confusing, and even saw they are a syntactic sugar for named parameters under the hood) and execute the prepared statement

How to test it

It can be tested using:

    make

    DUCKDB_HTTPSERVER_DEBUG=1 \
    DUCKDB_HTTPSERVER_FOREGROUND=1 \
    duckdb -unsigned \
      -c "FORCE INSTALL httpserver FROM './build/release/repository';" \
      -c "LOAD httpserver;" \
      -c "SELECT 890;" \
      -c "SELECT httpserve_start('0.0.0.0', 4000, '');"

and

    curl -X POST -d 'SELECT typeof($ABC), $abc, typeof($DEF), $def' -g 'http://localhost:4000?parameters={"abc":{"type":"TEXT","value":"7"},"def":{"type":"BOOLEAN","value":true}}'
    # {"typeof($ABC)":"VARCHAR","$abc":"7","typeof($DEF)":"BOOLEAN","$def":"true"}

Questions/notes

- I am relying on exceptions to split the code into separate functions and make it easier to read (see the refactored CheckAuthentication and ExtractFormat functions for example). They are not on the happy path and should not impact performance (assuming the database is not publicly available, which sounds reasonable)
- I tried to follow what is done by Snowflake
- For the PoC I expect the query's parameters to be a JSON string in the HTTP parameter parameter. This sounds weird and I would be happy to move all the parameters (format, query/q and parameters) inside a single JSON body. Wdyt? We could either:
  - keep the GET (with format and query/q), the POST (with format and query/q) and POST with a JSON body (with format and query/q and parameters) or
  - keep the GET as above and unify both POST with a JSON body (with format and query/q and parameters), but it would be a breaking change
- I am not sure if I need to do something to drop the prepared statement (In SQL there is an explicit DEALLOCATE operation)

Opengraph URL: https://github.com/Query-farm/httpserver/pull/21
