diff options
| author | William Carroll <wpcarro@gmail.com> | 2020-07-30T17·52+0100 |
|---|---|---|
| committer | William Carroll <wpcarro@gmail.com> | 2020-07-30T17·52+0100 |
| commit | 6ecab8c3a625d58fa5c4c5daf62a6567b4fc7701 (patch) | |
| tree | 0fe10c6750640706b055fa64e78e92f34dbde392 /src/Accounts.hs | |
| parent | dec8890190ff0b86f1a50044814701ef39b808e6 (diff) | |
Prefer SELECT (a,b,c) to SELECT *
"SELECT *" in SQL may not guarantee the order in which a record's columns are
returned. For example, in my FromRow instances for Account, I make successive call
The following scenario silently and erroneously assigns:
firstName, lastName = lastName, firstName
```sql
CREATE TABLE People (
firstName TEXT NOT NULL,
lastName TEXT NOT NULL,
age INTEGER NOT NULL,
PRIMARY KEY (firstName, lastName)
)
```
```haskell
data Person = Person { firstName :: String, lastName :: String, age :: Integer }
fromRow = do
firstName <- field
lastName <- field
age <- field
pure Person{..}
getPeople :: Connection -> IO [Person]
getPeople conn = query conn "SELECT * FROM People"
```
This silently fails because both firstName and lastName are Strings, and so the
FromRow Person instance type-checks, but you should expect to receive a list of
names like "Wallace William" instead of "William Wallace".
The following won't break the type-checker, but will result in a runtime parsing
error:
```haskell
-- all code from the previous example remains the same except for:
fromRow = do
age <- field
firstName <- field
lastName <- field
```
The "SELECT *" will return records like (firstName,lastName,age), but the
FromRow instance for Person will attempt to parse firstName as
Integer.
So... what have we learned? Prefer "SELECT (firstName,lastName,age)" instead of
"SELECT *".
Diffstat (limited to 'src/Accounts.hs')
| -rw-r--r-- | src/Accounts.hs | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/Accounts.hs b/src/Accounts.hs index 97ffaf43d058..e8865baa99f6 100644 --- a/src/Accounts.hs +++ b/src/Accounts.hs @@ -37,7 +37,7 @@ delete dbFile username = withConnection dbFile $ \conn -> do -- | Attempt to find `username` in the Account table of `dbFile`. lookup :: FilePath -> T.Username -> IO (Maybe T.Account) lookup dbFile username = withConnection dbFile $ \conn -> do - res <- query conn "SELECT * FROM Accounts WHERE username = ?" (Only username) + res <- query conn "SELECT (username,password,email,role,profilePicture) FROM Accounts WHERE username = ?" (Only username) case res of [x] -> pure (Just x) _ -> pure Nothing @@ -45,5 +45,5 @@ lookup dbFile username = withConnection dbFile $ \conn -> do -- | Return a list of accounts with the sensitive data removed. list :: FilePath -> IO [T.User] list dbFile = withConnection dbFile $ \conn -> do - accounts <- query_ conn "SELECT * FROM Accounts" + accounts <- query_ conn "SELECT (username,password,email,role,profilePicture) FROM Accounts" pure $ T.userFromAccount <$> accounts |