maurice/snix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Prefer SELECT (a,b,c) to SELECT *

Browse source 
"SELECT *" in SQL may not guarantee the order in which a record's columns are
returned. For example, in my FromRow instances for Account, I make successive call

The following scenario silently and erroneously assigns:

firstName, lastName = lastName, firstName

```sql
CREATE TABLE People (
  firstName TEXT NOT NULL,
  lastName TEXT NOT NULL,
  age INTEGER NOT NULL,
  PRIMARY KEY (firstName, lastName)
)
```

```haskell
data Person = Person { firstName :: String, lastName :: String, age :: Integer }

fromRow = do
  firstName <- field
  lastName  <- field
  age       <- field
  pure Person{..}

getPeople :: Connection -> IO [Person]
getPeople conn = query conn "SELECT * FROM People"
```

This silently fails because both firstName and lastName are Strings, and so the
FromRow Person instance type-checks, but you should expect to receive a list of
names like "Wallace William" instead of "William Wallace".

The following won't break the type-checker, but will result in a runtime parsing
error:

```haskell
-- all code from the previous example remains the same except for:

fromRow = do
  age       <- field
  firstName <- field
  lastName  <- field
```

The "SELECT *" will return records like (firstName,lastName,age), but the
FromRow instance for Person will attempt to parse firstName as
Integer.

So... what have we learned? Prefer "SELECT (firstName,lastName,age)" instead of
"SELECT *".
This commit is contained in:
William Carroll 2020-07-30 18:52:45 +01:00
parent dec8890190
commit 6ecab8c3a6
4 changed files with 7 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

4
src/Accounts.hs
View file

@ -37,7 +37,7 @@ delete dbFile username = withConnection dbFile $ \conn -> do
-- | Attempt to find `username` in the Account table of `dbFile`.
lookup :: FilePath -> T.Username -> IO (Maybe T.Account)
lookup dbFile username = withConnection dbFile $ \conn -> do
res <- query conn "SELECT * FROM Accounts WHERE username = ?" (Only username)
res <- query conn "SELECT (username,password,email,role,profilePicture) FROM Accounts WHERE username = ?" (Only username)
case res of
[x] -> pure (Just x)
_ -> pure Nothing
@ -45,5 +45,5 @@ lookup dbFile username = withConnection dbFile $ \conn -> do
-- | Return a list of accounts with the sensitive data removed.
list :: FilePath -> IO [T.User]
list dbFile = withConnection dbFile $ \conn -> do
accounts <- query_ conn "SELECT * FROM Accounts"
accounts <- query_ conn "SELECT (username,password,email,role,profilePicture) FROM Accounts"
pure $ T.userFromAccount <$> accounts

2
src/PendingAccounts.hs
View file

@ -22,7 +22,7 @@ create dbFile secret username password role email = withConnection dbFile $ \con
get :: FilePath -> T.Username -> IO (Maybe T.PendingAccount)
get dbFile username = withConnection dbFile $ \conn -> do
res <- query conn "SELECT * FROM PendingAccounts WHERE username = ?" (Only username)
res <- query conn "SELECT (secret,username,password,role,email) FROM PendingAccounts WHERE username = ?" (Only username)
case res of
[x] -> pure (Just x)
_ -> pure Nothing

6
src/Sessions.hs
View file

@ -20,7 +20,7 @@ isValid session = do
-- | Lookup the session by UUID.
get :: FilePath -> T.SessionUUID -> IO (Maybe T.StoredSession)
get dbFile uuid = withConnection dbFile $ \conn -> do
res <- query conn "SELECT * FROM Sessions WHERE uuid = ?" (Only uuid)
res <- query conn "SELECT (uuid,username,tsCreated) FROM Sessions WHERE uuid = ?" (Only uuid)
case res of
[x] -> pure (Just x)
_ -> pure Nothing
@ -28,7 +28,7 @@ get dbFile uuid = withConnection dbFile $ \conn -> do
-- | Lookup the session stored under `username` in `dbFile`.
find :: FilePath -> T.Username -> IO (Maybe T.StoredSession)
find dbFile username = withConnection dbFile $ \conn -> do
res <- query conn "SELECT * FROM Sessions WHERE username = ?" (Only username)
res <- query conn "SELECT (uuid,username,tsCreated) FROM Sessions WHERE username = ?" (Only username)
case res of
[x] -> pure (Just x)
_ -> pure Nothing
@ -71,4 +71,4 @@ findOrCreate dbFile account = withConnection dbFile $ \conn ->
-- | Return a list of all sessions in the Sessions table.
list :: FilePath -> IO [T.StoredSession]
list dbFile = withConnection dbFile $ \conn ->
query_ conn "SELECT * FROM Sessions"
query_ conn "SELECT (uuid,username,tsCreated) FROM Sessions"

2
src/Trips.hs
View file

@ -24,4 +24,4 @@ delete dbFile tripPK =
-- | Return a list of all of the trips in `dbFile`.
list :: FilePath -> IO [T.Trip]
list dbFile = withConnection dbFile $ \conn ->
query_ conn "SELECT * FROM Trips"
query_ conn "SELECT (username,destination,startDate,endDate,comment) FROM Trips"