Dear list,
It would appear that the 'Execute Line / Selection as Query' command in the SQL bundle is not working for multi-line selections.
Am I going mad (missing something?), or can someone else confirm this problem, please? Even better if you know how to fix it.
Thanks
Jez
On 8. Jul 2007, at 17:22, JezBiz wrote:
> It would appear that the 'Execute Line / Selection as Query' command in the SQL bundle is not working for multi-line selections.
It no longer supports multi-line queries -- this is a limitation in the MySQL bindings and presumably exists to limit the usefulness of SQL injection attacks.
The old Execute Query used the mysql shell command which probably parsed the SQL and sent it line-by-line.
Shame. I NEED multi-line SQL Execution. I will be sticking with a previous version of TM then.
I can't see how the issue of SQL injection matters though...
Anyone got a work-around? Can I use the SQL bundle from a previous version in the latest version?
On 16/07/07, Allan Odgaard throw-away-1@macromates.com wrote:
> On 8. Jul 2007, at 17:22, JezBiz wrote:
> > It would appear that the 'Execute Line / Selection as Query' command in the SQL bundle is not working for multi-line selections.
> It no longer supports multi-line queries -- this is a limitation in the MySQL bindings and presumably exists to limit the usefulness of SQL injection attacks.
> The old Execute Query used the mysql shell command which probably parsed the SQL and sent it line-by-line.
For new threads USE THIS: textmate@lists.macromates.com (threading gets destroyed and the universe will collapse if you don't) http://lists.macromates.com/mailman/listinfo/textmate
On 16. Jul 2007, at 11:14, Jeremy Keen wrote:
> Shame. I NEED multi-line SQL Execution. I will be sticking with a previous version of TM then.
> I can't see how the issue of SQL injection matters though...
I am parroting Ciarán here, but the problem with injection is when a string is taken from the user and just inserted into a query. E.g. SELECT * FROM table WHERE text = "$string" -- here the user would ensure that $string starts with "; and if multi-line queries are supported, can basically do whatever SQL command he desires.
It seems rather brutal to just cut off the ability to do multi-line queries in the MySQL API, but apparently that’s what they decided.
> Anyone got a work-around? Can I use the SQL bundle from a previous version in the latest version?
That should work, I think r7187 is the last revision prior to the change. So use the following command to check out that bundle:
svn co http://macromates.com/svn/Bundles/trunk/Bundles/SQL.tmbundle@7187
There’s a lot of people who do want the multi-line query functionality back, and I used it as well, so presumably a solution will be found, but for now there is the old bundle for those who want it now.
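The interpolation problem and the single-statement restriction described in the message above, as an added example (not code from the SQL bundle or from anyone on the list). It uses Python's sqlite3 as a stand-in for the MySQL bindings, with single-quoted strings; the table, the input string and the function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory database with one constructed table and row."""
    db = sqlite3.connect(":memory:")
    db.executescript("CREATE TABLE notes (text TEXT);"
                     "INSERT INTO notes VALUES ('hello');")
    return db

def table_exists(db):
    row = db.execute("SELECT count(*) FROM sqlite_master "
                     "WHERE name = 'notes'").fetchone()
    return row[0] == 1

# Constructed input: closes the string literal, then appends a second statement.
HOSTILE = "x'; DROP TABLE notes; --"

def interpolated(db, string, multi):
    """The pattern from the thread: the string is pasted into the query text."""
    sql = "SELECT * FROM notes WHERE text = '%s'" % string
    try:
        if multi:
            db.executescript(sql)        # multi-statement call: runs every statement
        else:
            db.execute(sql).fetchall()   # single-statement call: refuses a second one
        return "ran"
    except (sqlite3.Warning, sqlite3.Error):
        return "rejected"

def parameterized(db, string):
    """Hardened form: the string is bound as data and never parsed as SQL."""
    return db.execute("SELECT * FROM notes WHERE text = ?", (string,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    print("single-statement API:", interpolated(db, HOSTILE, multi=False))
    print("table still there:", table_exists(db))
    print("bound parameter:", parameterized(db, HOSTILE))
    print("multi-statement API:", interpolated(db, HOSTILE, multi=True))
    print("table still there:", table_exists(db))
```

The single-statement call only limits the damage of an interpolated query; the bound parameter removes the injection itself.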
I'm a little confused (not using the bundle much). If it's working in an older version of the bundle, can't you simply re-name the old version of the command and re-introduce it to the bundle (either officially or as a user change) with the new name? Is there something else about the current version Bundle that would break the old command?
- Cliff
On Jul 16, 2007, at 3:41 PM, Allan Odgaard wrote:
> On 16. Jul 2007, at 11:14, Jeremy Keen wrote:
> > Shame. I NEED multi-line SQL Execution. I will be sticking with a previous version of TM then.
> > I can't see how the issue of SQL injection matters though...
> I am parroting Ciarán here, but the problem with injection is when a string is taken from the user and just inserted into a query. E.g. SELECT * FROM table WHERE text = "$string" -- here the user would ensure that $string starts with "; and if multi-line queries are supported, can basically do whatever SQL command he desires.
> It seems rather brutal to just cut off the ability to do multi-line queries in the MySQL API, but apparently that’s what they decided.
> > Anyone got a work-around? Can I use the SQL bundle from a previous version in the latest version?
> That should work, I think r7187 is the last revision prior to the change. So use the following command to check out that bundle:
> svn co http://macromates.com/svn/Bundles/trunk/Bundles/SQL.tmbundle@7187
> There’s a lot of people who do want the multi-line query functionality back, and I used it as well, so presumably a solution will be found, but for now there is the old bundle for those who want it now.
Cliff,
The difficulty is that the new version introduced a completely and much more friendly way to maintain configuration information like your database username, password, and the database you want to use. The new version also has a completely re-written interface to the table browser, which is now used for executing queries as well.
If you want a quick and dirty work-around for yourself, you can use the bundle editor to create your own command:
Set up the command in your own personal bundle as follows:
Save: Current File (or Nothing if you prefer)
Commands: mysql --html --user=<your username> --password=<yourpassword> --database=<yourdatabase>
Input: Selected Text or Document
Output: Show as html
Assign a key equivalent like cmd-R
Scope selector: source.sql
Now if you are in a sql file and hit cmd-R with nothing selected the entire file will be piped to mysql and the results will appear as an html table. If you do the same thing, but with several queries selected then only the selected queries will be piped to mysql.
Hope that helps people until a permanent solution within the SQL bundle is found.
Brad
Why not have the TM plugin split it and send them in succession?
On Jul 16, 2007, at 6:53 PM, Brad Miller wrote:
> Cliff,
> The difficulty is that the new version introduced a completely and much more friendly way to maintain configuration information like your database username, password, and the database you want to use. The new version also has a completely re-written interface to the table browser, which is now used for executing queries as well.
> If you want a quick and dirty work-around for yourself, you can use the bundle editor to create your own command:
> Set up the command in your own personal bundle as follows:
> Save: Current File (or Nothing if you prefer)
> Commands: mysql --html --user=<your username> --password=<yourpassword> --database=<yourdatabase>
> Input: Selected Text or Document
> Output: Show as html
> Assign a key equivalent like cmd-R
> Scope selector: source.sql
> Now if you are in a sql file and hit cmd-R with nothing selected the entire file will be piped to mysql and the results will appear as an html table. If you do the same thing, but with several queries selected then only the selected queries will be piped to mysql.
> Hope that helps people until a permanent solution within the SQL bundle is found.
> Brad
> -- Brad Miller Assistant Professor, Computer Science Luther College
> On 7/16/07, Cliff Pruitt lists.cpruitt@cliffpruitt.com wrote:
> > I'm a little confused (not using the bundle much). If it's working in an older version of the bundle, can't you simply re-name the old version of the command and re-introduce it to the bundle (either officially or as a user change) with the new name? Is there something else about the current version Bundle that would break the old command?
> > - Cliff
On Jul 16, 2007, at 6:53 PM, Brad Miller wrote:
> The difficulty is that the new version introduced a completely and much more friendly way to maintain configuration information like your database username, password, and the database you want to use.
Again, I don't use the bundle much so I'll take your word for it. I'm sure there's a good reason indeed.
- Cliff
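One way the suggestion earlier in the thread (split the selection and send the statements in succession) could be implemented, as an added example that is not the SQL bundle's code. The function names and the sample selection are constructed; the splitter assumes ';' is the terminator and does not handle the mysql client's DELIMITER command or stored-procedure bodies.

```python
def split_statements(sql):
    """Split SQL text on ';' found outside quotes and comments."""
    out, buf, quote, i = [], [], None, 0
    while i < len(sql):
        ch, two = sql[i], sql[i:i + 2]
        if quote:                                  # inside '...', "..." or `...`
            if ch == "\\" and quote != "`":        # backslash escapes the next char
                buf.append(two)
                i += 2
                continue
            if ch == quote:
                if sql[i + 1:i + 2] == quote:      # doubled quote stays inside
                    buf.append(two)
                    i += 2
                    continue
                quote = None
            buf.append(ch)
        elif ch in "'\"`":
            quote = ch
            buf.append(ch)
        elif ch == "#" or (two == "--" and sql[i + 2:i + 3] in ("", " ", "\t", "\n")):
            end = sql.find("\n", i)                # line comment: drop to end of line
            i = len(sql) if end == -1 else end
            continue
        elif two == "/*":                          # block comment: copy verbatim
            end = sql.find("*/", i + 2)
            end = len(sql) if end == -1 else end + 2
            buf.append(sql[i:end])
            i = end
            continue
        elif ch == ";":                            # real terminator
            out.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
        i += 1
    out.append("".join(buf).strip())
    return [s for s in out if s]

def run_selection(execute, sql):
    """Send each statement on its own through a single-statement execute()."""
    return [execute(stmt) for stmt in split_statements(sql)]

# Constructed sample selection with semicolons that are not terminators.
SELECTION = """-- constructed sample selection
SELECT id, name FROM users WHERE note = 'a;b';   # semicolon inside a string
UPDATE users
   SET name = 'O''Brien; Jr.'
 WHERE id = 7;
SELECT /* ; not a terminator */ `odd;col` FROM t
"""
```

Splitting on every ';' without tracking quotes would cut the first and second statements in half, which is why the editor side needs a small tokenizer rather than a string split.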