-
Notifications
You must be signed in to change notification settings - Fork 5.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ddl: migrate part of ddl package code from Execute/ExecRestricted to safe API (1) #22670
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Need changes.
ddl/util/util.go
Outdated
recordDoneDeletedRangeSQL = `INSERT IGNORE INTO mysql.gc_delete_range_done SELECT * FROM mysql.gc_delete_range WHERE job_id = %? AND element_id = %?` | ||
completeDeleteRangeSQL = `DELETE FROM mysql.gc_delete_range WHERE job_id = %? AND element_id = %?` | ||
completeDeleteMultiRangesSQL = `DELETE FROM mysql.gc_delete_range WHERE job_id = %? AND element_id in (%?)` | ||
updateDeleteRangeSQL = `UPDATE mysql.gc_delete_range SET start_key = "%?" WHERE job_id = %? AND element_id = %? AND start_key = "%?"` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Delete the quotes around %?
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
good catch
ddl/column.go
Outdated
sql := fmt.Sprintf("select 1 from `%s`.`%s` where %s limit 1;", schema.L, table.L, colsStr) | ||
rows, _, err := ctx.(sqlexec.RestrictedSQLExecutor).ExecRestrictedSQL(sql) | ||
sql := "select 1 from %n.%n where " + colsStr + " limit 1;" | ||
stmt, err := ctx.(sqlexec.RestrictedSQLExecutor).ParseWithParams(context.Background(), sql, paramsList...) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It is not considered safe to use concat and ParseWithParams at the same time. Though this case is safe.
fmt.Sprintf(fmt.Sprintf("%s", "%s"))
will report an error.
You may want to check this PR.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
good~
the PR link is not right
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry, here it is: 22674
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I suggest that you can use fmt.Fprintf.
Signed-off-by: AilinKid <[email protected]>
Signed-off-by: AilinKid <[email protected]>
Signed-off-by: AilinKid <[email protected]>
Signed-off-by: AilinKid <[email protected]>
Signed-off-by: AilinKid <[email protected]>
ddl/util/util.go
Outdated
completeDeleteMultiRangesSQL := completeDeleteMultiRangesSQLPrefix + idList + completeDeleteMultiRangesSQLSuffix | ||
_, err := ctx.(sqlexec.SQLExecutor).ExecuteInternal(context.TODO(), completeDeleteMultiRangesSQL, paramIDs...) | ||
var buf strings.Builder | ||
_, err := fmt.Fprintf(&buf, completeDeleteMultiRangesSQL, idList) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just let you know, we have fmt.Fprintf
in our errcheck_ignore lists. And I agreed with that. fmt.Fprintf
can not throw error on valid input, unless OOM. So you do not need to check that error.
BTW, You could use Fprintf
to concat idList
& nameList
too.
Signed-off-by: AilinKid <[email protected]>
Signed-off-by: AilinKid <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
/run-all-tests |
/run-integration-copr-test |
ptal @tiancaiamao |
LGTM |
/merge |
/run-all-tests |
Signed-off-by: ti-srebot <[email protected]>
cherry pick to release-5.0-rc in PR #22928 |
Signed-off-by: ti-srebot <[email protected]>
cherry pick to release-4.0 in PR #22929 |
Signed-off-by: ti-srebot <[email protected]>
cherry pick to release-3.0 in PR #22930 |
…safe API (1) (pingcap#22670) Signed-off-by: AilinKid <[email protected]>
Signed-off-by: AilinKid [email protected]
What problem does this PR solve?
Issue Number: part close #pingcap/tidb-test#1152
What is changed and how it works?
What's Changed:
Migrate part of code in ddl package from using Execute/ExecRestricted to safe API
Related changes
pingcap/docs
/pingcap/docs-cn
:Check List
Tests
Release note