postgresql-42.2.10.jar
.
postgresql-42.2.10.jar
is in your
CLASSPATH
.
conn.close()
is called, no matter what
exceptions are thrown.
next()
method gets the next row,
or returns false if there are no more rows in the ResultSet
.
getLong
, getString
, etc,
retrieve values from the current row. See also wasNull
.
SELECT
statements), use
executeQuery()
.
executeUpdate()
.
"DELETE FROM Registered WHERE student=1111111111 AND course='ccc111'"
"DELETE FROM Registered WHERE student="+idnr+" AND course='"+code+"'"
"DELETE FROM Registered WHERE student="+idnr+" AND course='"+code+"'"
idnr=0
code="x' OR 'a'='a"
"DELETE FROM Registered WHERE student="+idnr+" AND course='"+code+"'"
idnr=0
code="x' OR 'a'='a"
DELETE FROM Registered WHERE student=0 AND course='x' OR 'a'='a'
Robert'); DROP TABLE Students;--
?
?
for every parameter in the SQL statement string and
use the prepareStatement
method.
?
with a value in a safe way.
prepareStatement
instead of createStatement()
.
PreparedStatement
can be used many times,
with different values for the parameters.
ResultSet
at a time.
setup.sql
in psql
setup.sql
import Database.HDBC
import Database.HDBC.PostgreSQL
import Database.HDBC.Sqlite3
cabal install HDBC-postgresql
connectPostgreSQL :: String -> IO Connection
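import Database.HDBC.PostgreSQL

-- | Open a connection to the @countries@ database.
--
-- The argument of 'connectPostgreSQL' is a connection string; only the
-- database name is given here.
main = do
  conn <- connectPostgreSQL "dbname=countries"
  -- ...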
-- | Execute one SQL statement. The list supplies the values for the @?@
-- placeholders in the statement text; it is empty when there are none.
run :: Connection -> String -> [SqlValue] -> IO Integer
-- | Commit the current transaction of the connection.
commit :: Connection -> IO ()
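import Database.HDBC
import Database.HDBC.PostgreSQL

-- | Set the value of the EUR currency and make the change permanent.
main :: IO ()
main = do
  conn <- connectPostgreSQL "dbname=countries"
  -- The statement text is a constant without placeholders, so the parameter
  -- list is empty.
  _ <- run conn "UPDATE Currencies SET value=10.61 WHERE code='EUR'" []
  -- 'commit' takes the connection whose transaction is to be committed.
  commit conn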
-- | Commit the current transaction of the connection.
commit :: Connection -> IO ()
-- | Abandon the current transaction of the connection.
rollback :: Connection -> IO ()
withTransaction :: Connection -> (Connection -> IO a) -> IO a
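-- | Run the update inside 'withTransaction' instead of committing by hand.
--
-- No type signature is given because the statements after the update are
-- elided on the page, so the result type of the block is not visible.
main = do
  conn <- connectPostgreSQL "dbname=countries"
  -- The callback receives the connection again; it is named separately here
  -- rather than shadowing the outer binding.
  withTransaction conn $ \txn -> do
    run txn "UPDATE Currencies SET value=10.61 WHERE code='EUR'" []
    -- (...) further statements belonging to the same transaction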
commit
rollback
quickQuery' :: Connection -> String -> [SqlValue] -> IO [[SqlValue]]
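import Database.HDBC
import Database.HDBC.PostgreSQL

-- | Print name and population of every country whose continent is @EU@.
main :: IO ()
main = do
  conn <- connectPostgreSQL "dbname=countries"
  rows <- quickQuery' conn query []
  print rows
  where
    -- Constant query text without placeholders, hence the empty parameter
    -- list passed to quickQuery'.
    query = "SELECT name,population FROM Countries WHERE continent='EU'"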
quickQuery' :: Connection -> String -> [SqlValue] -> IO [[SqlValue]]
SqlValue
toSql
fromSql
SqlValue
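-- | Names and populations of the countries on the given continent.
--
-- The continent is handed to the database as the value of the @?@
-- placeholder and is never spliced into the SQL text, so quote characters in
-- it cannot change the statement.
getContinent :: Connection -> String -> IO [(String,Int)]
getContinent conn continent =
  map convertRow <$> quickQuery' conn query [toSql continent]
  where
    query = "SELECT name,population FROM Countries WHERE continent=?"

    -- Turn one result row into a Haskell pair.  'fromSql' raises an exception
    -- when a value cannot be converted to the requested type.
    convertRow :: [SqlValue] -> (String,Int)
    convertRow [name,pop] = (fromSql name,fromSql pop)
    -- The query selects exactly two columns; any other row shape means query
    -- and converter have drifted apart, so fail with a message that says so.
    convertRow row =
      error ("getContinent: expected 2 columns, got " ++ show (length row))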
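-- | Remove a registration.  DELIBERATELY UNSAFE counterexample, kept the way
-- the page presents it to show what goes wrong when values are concatenated
-- into SQL text.
--
-- Both arguments are pasted into the statement between single quotes, so a
-- quote character inside either of them ends the literal and the remainder is
-- parsed as SQL.  Do not copy this: bind the values through @?@ placeholders
-- and the parameter list of 'run' instead.
unregisterStudent :: Connection -> String -> String -> IO ()
unregisterStudent conn student course =
  -- 'run' yields an Integer while the declared result is (), so the count is
  -- dropped explicitly.
  () <$ run conn sql []
  where
    -- NOTE(review): SQL injection - caller-supplied text becomes part of the
    -- statement itself.
    sql = "DELETE FROM Registered "++
          "WHERE course='"++course++"' AND student='"++student++"'"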
unregisterStudent conn "TDA357" "x' OR 'a'='a"
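-- | Remove a registration using a parameterised statement.
--
-- The statement text is a constant; course and student travel separately as
-- parameter values, so their content is never interpreted as SQL.
unregisterStudent :: Connection -> String -> String -> IO ()
unregisterStudent conn student course =
  -- 'run' yields an Integer while the declared result is (), so the count is
  -- dropped explicitly.  The order of the list follows the order of the
  -- placeholders: course first, then student.
  () <$ run conn "DELETE FROM Registered WHERE course=? AND student=?"
                 [toSql course,toSql student]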
run
run :: Connection -> String -> [SqlValue] -> IO Integer
-- | Prepare a statement once so that it can be executed repeatedly.
prepare :: Connection -> String -> IO Statement
-- | Execute a prepared statement with one list of placeholder values.
execute :: Statement -> [SqlValue] -> IO Integer
-- | Execute a prepared statement once per inner list of placeholder values.
-- NOTE(review): the HDBC package appears to declare the result as IO () -
-- confirm against the installed version.
executeMany :: Statement -> [[SqlValue]] -> IO Integer
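-- | Insert three exchange rates with a single prepared statement.
main :: IO ()
main = do
  -- The page elides the connection setup as (...); the database of the other
  -- examples is assumed here.
  conn <- connectPostgreSQL "dbname=countries"
  stmt <- prepare conn "INSERT INTO Currencies VALUES (?, ?)"
  -- One inner list per row, one element per placeholder.  A bare numeric
  -- literal has no concrete type for 'toSql' to convert from, so each rate is
  -- annotated (Double assumed - confirm against the column type).
  executeMany stmt
    [ [toSql "EUR", toSql (10.55 :: Double)]
    , [toSql "GBP", toSql (12.15 :: Double)]
    , [toSql "USD", toSql (9.31 :: Double)]
    ]
  -- Without a commit the inserted rows are not made permanent.
  commit conn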
quickQuery'
quickQuery' :: Connection -> String -> [SqlValue] -> IO [[SqlValue]]
-- | Prepare a statement once so that it can be executed repeatedly.
prepare :: Connection -> String -> IO Statement
-- | Execute a prepared statement with one list of placeholder values.
execute :: Statement -> [SqlValue] -> IO Integer
-- | Fetch all remaining result rows of an executed statement.
fetchAllRows' :: Statement -> IO [[SqlValue]]
-- | Fetch the next result row of an executed statement.
-- NOTE(review): the HDBC package appears to wrap this result in Maybe to
-- signal the end of the rows - confirm against the installed version.
fetchRow :: Statement -> IO [SqlValue]
Statement
execute
fetch…
functions.
MiniIMDB.hs
,
SqlRows.hs
,
HTML.hs
,
miniimdb.cabal
.
movies.sql
(tables),
import.psql
,
views.sql
,
indexes.sql
.