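Does RedQueryBuilder have an API that allows access to the query tree rather than the finished SQL? I want to write a safe way to receive SQL requests from the client, so that the final SQL is formed on the server. For example, the client could send: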
    {
      op: "AND",
      left: {
        op: "=",
        left: "name",
        right: "Bob"
      },
      right: {
        op: "<",
        left: "time",
        right: "1300000000" // now() timestamp
      }
    }
Best answer
In the end, I used an SQL parser on the client side to build the condition tree and send it to the server as JSON.
Here is my simplified admin interface: https://gist.github.com/Somewater/5705567
In a nutshell:
1) RedQueryBuilder generates the SQL request (string)
2) SQL Parser creates the SQL request structure
3) My code converts the SQL Parser structure to simple JSON (as stated above)
4) The JSON is sent to the server
And the server request parser (Ruby): https://gist.github.com/Somewater/5705620
And I can handle the request on the server like this (Rails request controller in my example):
    include ConditionsBuilder
    cond = JSON.parse(request.params['cond']) # conditions like json string
    condTree = self.parse_sql_conditions_from_json(cond) # conditions like btree structure
    # perform some conditions checks, for example, add additional conditions
    permission_conds = And[ GtEq['permissions', 12], Eq['is_admin', 1] ]
    condTree = And[condTree, permission_conds]
    conditions = self.build_sql_conditions((Time.new - 90.days).to_i, Time.new.to_i, condTree)
    # handle sql request: "SELECT * FROM tablename WHERE " + conditions.to_s
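An added example, not taken from the answer or its gists: one way to turn the JSON condition tree from the question into a parameterized WHERE fragment on the server. The allowlists, `build_where`, `InvalidCondition` and the depth limit are assumptions made for illustration; the sample inputs are constructed.

```ruby
require 'json'

# Assumed allowlists (hypothetical): columns the client may filter on,
# and the only operators the server will ever emit.
ALLOWED_COLUMNS = %w[name time].freeze
COMPARISONS     = %w[= < > <= >= !=].freeze
LOGICAL         = %w[AND OR].freeze
MAX_DEPTH       = 8 # bounds recursion on attacker-supplied nesting

class InvalidCondition < StandardError; end

# Walks the client tree and returns [sql_fragment, bind_values].
# Operators and column names reach the SQL text only if allowlisted;
# every right-hand value becomes a "?" placeholder, never SQL text.
def build_where(node, depth = 0)
  raise InvalidCondition, 'tree too deep' if depth > MAX_DEPTH
  raise InvalidCondition, 'node must be an object' unless node.is_a?(Hash)

  op, left, right = node.values_at('op', 'left', 'right')
  if LOGICAL.include?(op)
    lsql, lbinds = build_where(left, depth + 1)
    rsql, rbinds = build_where(right, depth + 1)
    ["(#{lsql} #{op} #{rsql})", lbinds + rbinds]
  elsif COMPARISONS.include?(op)
    raise InvalidCondition, "unknown column: #{left.inspect}" unless ALLOWED_COLUMNS.include?(left)
    raise InvalidCondition, 'value must be a scalar' unless right.is_a?(String) || right.is_a?(Numeric)
    ["#{left} #{op} ?", [right]]
  else
    raise InvalidCondition, "unknown operator: #{op.inspect}"
  end
end

# Constructed sample request with the same shape as the one in the question.
SAMPLE = JSON.parse(<<~REQ)
  {"op": "AND",
   "left":  {"op": "=", "left": "name", "right": "Bob"},
   "right": {"op": "<", "left": "time", "right": "1300000000"}}
REQ

# Constructed hostile request: SQL text placed in the column position.
HOSTILE = JSON.parse('{"op": "=", "left": "name = name OR 1", "right": "1"}')
```

The returned fragment and bind list can be handed to a placeholder-aware query call such as ActiveRecord's `where(sql, *binds)`, with server-side permission conditions ANDed on before execution as in the answer's controller.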
Regarding "javascript - Accessing the request structure in RedQueryBuilder", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/16892724/