Ability to use parameterized queries, including with textareas #7

@simonw

This would have been useful for inserting a big blob of JSON data as seen in this TIL: https://til.simonwillison.net/sqlite/geopoly

I had to manually replace ' with '' in order to get the import to work.

It would have been better if I could have done this:

insert into raw_data (geojson) values (:geojson_textarea)

And had it detect the parameter and use it to add a textarea to the page.

Might have to detect it with JavaScript here since unlike GET read-only queries it's not safe to submit the query first.

Thought I could detect incoming POST that was missing those params and redirect to a ?sql= GET page that prepopulates the form and adds the form fields.

Need protection against clickjacking attacks if I do that though: prevent framing and add a short countdown before the submit button can be pressed.
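An added sketch of the flow this issue proposes, not code from the project: find the `:name` parameters in a write query without executing it, choose a textarea for names ending in `_textarea` (a convention assumed from the example query above), and bind the submitted values through `sqlite3` so quotes in the blob need no manual escaping. All function names and the sample blob are constructed for illustration.

```python
import re
import sqlite3

# Match strings, quoted identifiers and comments first so a ":name" inside them
# is skipped; only a bare :name token fills the capture group.
_TOKEN = re.compile(
    r"""'(?:[^']|'')*'               # single-quoted string literal
      | "(?:[^"]|"")*"               # double-quoted identifier
      | --[^\n]*                     # line comment
      | /\*.*?\*/                    # block comment
      | :([A-Za-z_][A-Za-z0-9_]*)    # named parameter
    """,
    re.VERBOSE | re.DOTALL,
)

def named_parameters(sql):
    """Named parameters in order of first appearance, found without running the SQL."""
    seen = []
    for match in _TOKEN.finditer(sql):
        name = match.group(1)
        if name and name not in seen:
            seen.append(name)
    return seen

def form_fields(sql):
    """Pick a widget per parameter; the _textarea suffix rule is an assumption."""
    return [(n, "textarea" if n.endswith("_textarea") else "input")
            for n in named_parameters(sql)]

def run_write(conn, sql, submitted):
    """Execute only when every parameter was submitted; values are bound, not spliced."""
    names = named_parameters(sql)
    missing = [n for n in names if n not in submitted]
    if missing:
        return {"ok": False, "missing": missing}  # caller re-renders the form
    with conn:  # commit on success, roll back on error
        conn.execute(sql, {n: submitted[n] for n in names})
    return {"ok": True, "missing": []}

def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("create table raw_data (geojson text)")
    sql = "insert into raw_data (geojson) values (:geojson_textarea)"
    blob = '{"name": "O\'Brien\'s Field -- :not_a_param"}'  # constructed sample
    first = run_write(conn, sql, {})
    second = run_write(conn, sql, {"geojson_textarea": blob})
    rows = [r[0] for r in conn.execute("select geojson from raw_data")]
    return form_fields(sql), first, second, rows == [blob]
```

The write runs only on the second call, once the parameter value is present, and the stored text matches the submitted blob byte for byte.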

Labels: enhancement
