Module: Dbviewer::DatabaseOperations::QueryOperations

Extended by:
ActiveSupport::Concern
Included in:
Dbviewer::DatabaseOperations
Defined in:
app/controllers/concerns/dbviewer/database_operations/query_operations.rb


Instance Method Details

#default_query(table_name) ⇒ Object



# File 'app/controllers/concerns/dbviewer/database_operations/query_operations.rb', line 27

# Build the fallback query for a table: all columns, capped at 100 rows.
# The table identifier is passed through safe_quote_table_name before it
# is placed in the statement; the rest of the string is a fixed literal.
# The caller is expected to supply a table name it has already resolved.
def default_query(table_name)
  from_clause = safe_quote_table_name(table_name)
  format("SELECT * FROM %s LIMIT 100", from_clause)
end

#execute_query(query) ⇒ Object

Execute the prepared SQL query



# File 'app/controllers/concerns/dbviewer/database_operations/query_operations.rb', line 23

# Forward a SQL string to the database manager and return whatever it yields.
# No inspection or validation happens in this method; the string is handed
# over exactly as received, so callers are presumably expected to have run
# it through prepare_query first.
def execute_query(query)
  manager = database_manager
  manager.execute_query(query)
end

#prepare_query(table_name, query) ⇒ Object

Prepare the SQL query, taken from the request parameters when present, otherwise the table default



# File 'app/controllers/concerns/dbviewer/database_operations/query_operations.rb', line 7

# Resolve the SQL that will be run for a table.
#
# The user-supplied query is sanitized first; if nothing usable remains the
# table's default query is used instead. The chosen statement is then checked
# by ::Dbviewer::Validator::Sql.safe_query?; a statement the validator rejects
# is logged, reported to the user via flash, and replaced by the default query.
# The default produced on that path is returned without a second validator
# pass, since it is built by default_query rather than from user input.
#
# @param table_name the table the query targets
# @param query the raw query text from the request (may be nil or blank)
# @return [String] the SQL statement to execute
def prepare_query(table_name, query)
  cleaned = sanitize_query_input(query)
  candidate = cleaned.present? ? cleaned.to_s : default_query(table_name)

  # Anything the validator accepts is used as-is.
  return candidate if ::Dbviewer::Validator::Sql.safe_query?(candidate)

  # Rejected statement: record the attempt, fall back, and warn the user.
  log_unsafe_query_attempt(candidate)
  fallback = default_query(table_name)
  flash.now[:warning] = "Only SELECT queries are allowed. Your query contained potentially unsafe operations. Using default query instead."
  fallback
end