Re: Re: [sqlite] Need help on build query.
Thanks
--- [EMAIL PROTECTED] wrote:
> "Igor Tandetnik" <[EMAIL PROTECTED]> wrote:
> > Artem Yankovskiy
>
> > wrote:
> > > I know about DROP TABLE.
> > > I have not knew when compatibility DROP TABLE
> and
> > > SELECT...
> > >
> > > DROP TABLE (select name from sqlite_master
> where...)
> > > did not work.
> > > Can I build resembling query?
> >
> > No. You will have to run the select, store table
> names in memory, then
> > build and run a separate DROP TABLE query for each
> table name.
> >
>
> Igor is correct - you cannot do that now. But I
> have sometimes
> wondered if it would be nice to add an exec()
> function to SQLite
> that would recursively invoke its argument as an SQL
> script.
> For example:
>
>SELECT exec('DELETE FROM ' || quote(name))
> FROM sqlite_master
> WHERE ;
>
> There would be security implications here, of
> course. Clearly
> one would need to make sure that user-entered SQL
> (such as can
> be seen at http://www.sqlite.org/cvstrac/new) does
> not have access
> to the eval() function, just as it does not have
> access to the
> the load_extension() function.
>
> --
> D. Richard Hipp <[EMAIL PROTECTED]>
>
>
>
-
> To unsubscribe, send email to
> [EMAIL PROTECTED]
>
-
>
>
Best regards,
Artem Yankovskiy
Вы уже с Yahoo!?
Испытайте обновленную и улучшенную. Yahoo! Почту! http://ru.mail.yahoo.com
-
To unsubscribe, send email to [EMAIL PROTECTED]
-
Re: [sqlite] Need help on build query.
"Jay Sprenkle" <[EMAIL PROTECTED]> wrote:
> On 2/12/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> >
> >
> > Igor is correct - you cannot do that now. But I have sometimes
> > wondered if it would be nice to add an exec() function to SQLite
> > that would recursively invoke its argument as an SQL script.
> > For example:
> >
> >SELECT exec('DELETE FROM ' || quote(name))
> > FROM sqlite_master
> > WHERE ;
> >
> > There would be security implications here, of course. Clearly
> > one would need to make sure that user-entered SQL (such as can
> > be seen at http://www.sqlite.org/cvstrac/new) does not have access
> > to the eval() function, just as it does not have access to the
> > the load_extension() function.
> >
>
>
> Perhaps if the row in sqlite_master were deleted that could invoke the drop
> table functionality?
That would certainly make the table vanish from view. But
it wouldn't free the associated disk space. And if you failed
to delete associated indices, that also could give trouble.
Notice also that you cannot easily edit the SQLITE_MASTER table -
the library won't let you unless you use a magic, undocumented
pragma first.
--
D. Richard Hipp <[EMAIL PROTECTED]>
-
To unsubscribe, send email to [EMAIL PROTECTED]
-
Re: [sqlite] Need help on build query.
On 2/12/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
Igor is correct - you cannot do that now. But I have sometimes
wondered if it would be nice to add an exec() function to SQLite
that would recursively invoke its argument as an SQL script.
For example:
SELECT exec('DELETE FROM ' || quote(name))
FROM sqlite_master
WHERE ;
There would be security implications here, of course. Clearly
one would need to make sure that user-entered SQL (such as can
be seen at http://www.sqlite.org/cvstrac/new) does not have access
to the eval() function, just as it does not have access to the
the load_extension() function.
Perhaps if the row in sqlite_master were deleted that could invoke the drop
table functionality?
Re: [sqlite] Need help on build query.
"Igor Tandetnik" <[EMAIL PROTECTED]> wrote:
> Artem Yankovskiy
> wrote:
> > I know about DROP TABLE.
> > I have not knew when compatibility DROP TABLE and
> > SELECT...
> >
> > DROP TABLE (select name from sqlite_master where...)
> > did not work.
> > Can I build resembling query?
>
> No. You will have to run the select, store table names in memory, then
> build and run a separate DROP TABLE query for each table name.
>
Igor is correct - you cannot do that now. But I have sometimes
wondered if it would be nice to add an exec() function to SQLite
that would recursively invoke its argument as an SQL script.
For example:
SELECT exec('DELETE FROM ' || quote(name))
FROM sqlite_master
WHERE ;
There would be security implications here, of course. Clearly
one would need to make sure that user-entered SQL (such as can
be seen at http://www.sqlite.org/cvstrac/new) does not have access
to the eval() function, just as it does not have access to the
the load_extension() function.
--
D. Richard Hipp <[EMAIL PROTECTED]>
-
To unsubscribe, send email to [EMAIL PROTECTED]
-
