hub / github.com/pocketbase/pocketbase / SaveView

Method SaveView

core/view.go:37–72  ·  view source on GitHub ↗

SaveView creates (or updates an already existing) persistent SQL view. NB! Be aware that this method is vulnerable to SQL injection: both arguments are interpolated directly into the CREATE VIEW statement, so they must come only from trusted input!

(dangerousViewName string, dangerousSelectQuery string)

Source from the content-addressed store, hash-verified

// SaveView creates (or updates an already existing) persistent SQL view.
//
// NB! Be aware that this method is vulnerable to SQL injection and
// its arguments must come only from trusted input!
//
// Both dangerousViewName and dangerousSelectQuery are formatted straight
// into the CREATE VIEW statement text with fmt.Sprintf; they are not bound
// as query parameters. Callers are responsible for making sure neither
// value is derived from request data or any other untrusted source.
//
// All steps run inside app.RunInTransaction and every error is returned
// to the caller unchanged.
func (app *BaseApp) SaveView(dangerousViewName string, dangerousSelectQuery string) error {
	saveInTx := func(txApp App) error {
		// Drop the previous definition first (if any) so that the
		// CREATE VIEW below acts as a replace.
		if dropErr := txApp.DeleteView(dangerousViewName); dropErr != nil {
			return dropErr
		}

		// NOTE(review): normalizeViewSelectQuery is defined elsewhere;
		// do not assume it sanitizes the query - confirm before relying
		// on it as a security control.
		var normErr error
		dangerousSelectQuery, normErr = normalizeViewSelectQuery(dangerousSelectQuery)
		if normErr != nil {
			return normErr
		}

		// (Re)create the view.
		//
		// The select is nested in an outer "SELECT * FROM (...)" only as
		// a rudimentary measure to discourage multiple inline SQL
		// statements; it is not an injection defense and does not
		// replace the trusted-input requirement.
		createStmt := fmt.Sprintf("CREATE VIEW {{%s}} AS SELECT * FROM (%s)", dangerousViewName, dangerousSelectQuery)
		if _, execErr := txApp.DB().NewQuery(createStmt).Execute(); execErr != nil {
			return execErr
		}

		// Creating a view over missing tables or columns doesn't return
		// an error, so load the view table info to verify that the view
		// is actually usable.
		_, infoErr := txApp.TableInfo(dangerousViewName)
		if infoErr == nil {
			return nil
		}

		// Best-effort manual cleanup of the just created view in case
		// this func runs in a nested transaction and the caller discards
		// the error (the cleanup result is intentionally ignored).
		txApp.DeleteView(dangerousViewName)

		return infoErr
	}

	return app.RunInTransaction(saveInTx)
}
73
74// CreateViewFields creates a new FieldsList from the provided select query.
75//

Callers

nothing calls this directly

Calls 7

RunInTransaction (Method) · 0.95
normalizeViewSelectQuery (Function) · 0.85
Execute (Method) · 0.80
NewQuery (Method) · 0.80
DeleteView (Method) · 0.65
DB (Method) · 0.65
TableInfo (Method) · 0.65

Tested by

no test coverage detected