*: introduce new API ParseWithParams (#22499)

[ti-srebot]

cherry-pick #22499 to release-4.0
You can switch your code base to this Pull Request by using git-extras:

# In tidb repo:
git pr https://github.com/pingcap/tidb/pull/22548

After apply modifications, you can push your change to this PR via:

git push git@github.com:ti-srebot/tidb.git pr/22548:release-4.0-ae0057da714e

---

What problem does this PR solve?

Problem Summary: This PR adds a new API ParseWithParams to help process unsafe arguments than just fmt.Sprintf. Also a helper API ExecuteInternal that is using ParseWithParams and ExecuteStmt.

I did not use PrepareStmt since it is not possible to use placeholder like select * from t where c in ?. But we do have such requirement.

ExecuteInternal is redefined to use ParseWithParams and always use utf8 charset for safety. But it is still needed to modify cases like ExecuteInternal(fmt.Sprintf(...)).

ExecRestrictedSQL is too large, thus it is both annoying and duplicated to write a new RestrictedSQLExecutor based on ParseWithParams. From the git history, this is a very legacy API that is 4 or 5 years old. It should be removed/refactored in further works. So the current plan is, write like ExecRestrictedSQL(session.EscapeSQL(sql, args...)). And it will goes to the modified ExecuteInternal eventually to use utf8 charset to prevent attacks based on charsets.

Check List

Tests

• Unit test
• Integration test

Release note

• No release note

[ti-srebot]

/run-all-tests

[ti-srebot]

@xhebox you're already a collaborator in bot's repo.

[morgo]

LGTM

[ti-srebot]

@morgo, Thanks for your review. The bot only counts LGTMs from Reviewers and higher roles, but you're still welcome to leave your comments. See the corresponding SIG page for more information. Related SIGs: execution(slack),sql-infra(slack).

[morgo]

LGTM

[bb7133]

LGTM

[bb7133]

/merge

[ti-srebot]

Sorry @bb7133, this branch's release version is in progress, please contact zhouqiang-cl,shuke987,jebter,you06 for more details.

[ti-chi-bot]

@AilinKid: Please use /LGTM instead of LGTM when you want to approve the pull request by comment.
If you use the GitHub review feature, please approve the PR directly, the comment will not take effect in the GitHub review feature.
If you have any qustions please refer to lgtm command help or lgtm plugin design.

If you have approved this PR, please ignore this reply. This reply is being used as a temporary reply during the migration of the new bot and will be removed on April 1.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the ti-community-infra/tichi repository.

[AilinKid]

LGTM

[AilinKid]

/run-all-tests

[xhebox]

LGTM

Is this branch merge-able now?

[tiancaiamao]

LGTM

Is this branch merge-able now?

It depends on whether the 4.0 branch is still frozen

[morgo]

/merge

[ti-chi-bot]

@morgo: It seems you want to merge this PR, I will help you trigger all the tests:

/run-all-tests

You only need to trigger /merge once, and if the CI test fails, you just re-trigger the test that failed and the bot will merge the PR for you after the CI passes.

If you have any questions about the PR merge process, please refer to pr process.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the ti-community-infra/tichi repository.

[ti-chi-bot]

This pull request has been accepted and is ready to merge.

Details

Commit hash: f248dbd

[ti-chi-bot]

@ti-srebot: Your PR was out of date, I have automatically updated it for you.

At the same time I will also trigger all tests for you:

/run-all-tests

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the ti-community-infra/tichi repository.