MIME-Version: 1.0
References: 
 <CAO+oWtBxAaDxdPOkcf=bTU0D6sDogX_az4SgN-5zKZt-9G=2xQ@mail.gmail.com>
 <CA+OCxozieNmgfoGFq0G0Mxy+bu2Ct6hK9goZA3xtVJm9EaK6HA@mail.gmail.com>
 <CAO+oWtA13KM+jmWm+MkGbmLps2dh3B06mEZu6-PQjZ0ip7+G6g@mail.gmail.com>
 <CA+OCxoxMdX9Lsyugx7=_CZ3Z6K9jxHVTOBu4q=5_1cwgXsP7LQ@mail.gmail.com>
 <CAM9w-_mdXSmj2xv9W2k6hdmdY+3V8rfi4gnjBA_Jy28ZYkza2Q@mail.gmail.com>
In-Reply-To: 
 <CAM9w-_mdXSmj2xv9W2k6hdmdY+3V8rfi4gnjBA_Jy28ZYkza2Q@mail.gmail.com>
From: Dave Page <dpage@pgadmin.org>
Date: Fri, 19 Apr 2024 11:40:37 +0100
Message-ID: 
 <CA+OCxozSdrD1ziKmfd_xLh72P031vdEo60wZxniyYP9sBLoM7Q@mail.gmail.com>
Subject: Re: Regarding feature #6841
To: Aditya Toshniwal <aditya.toshniwal@enterprisedb.com>
Cc: Anil Sahoo <anil.sahoo@enterprisedb.com>, pgadmin-hackers@postgresql.org
Content-Type: multipart/alternative; boundary="00000000000090312a061670b8ae"
Archived-At: 
 <https://www.postgresql.org/message-id/CA%2BOCxozSdrD1ziKmfd_xLh72P031vdEo60wZxniyYP9sBLoM7Q%40mail.gmail.com>
Precedence: bulk

--00000000000090312a061670b8ae
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Fri, 19 Apr 2024 at 05:15, Aditya Toshniwal <
aditya.toshniwal@enterprisedb.com> wrote:

> Hi Dave,
>
> On Thu, Apr 18, 2024 at 8:07=E2=80=AFPM Dave Page <dpage@pgadmin.org> wro=
te:
>
>> Hi
>>
>> On Thu, 18 Apr 2024 at 15:26, Anil Sahoo <anil.sahoo@enterprisedb.com>
>> wrote:
>>
>>> Hi Dave,
>>> We took help from Code Mirror, i.e Code Mirror gives the parsed SQL fro=
m
>>> the editor through a tree called syntaxTree and by using some logic we
>>> extracted the statements which have semicolon in it and also added some
>>> extra logic to break the whole query on next of next line as empty or i=
f
>>> comments are there.
>>>
>>> Using all this logic we got the individual queries and checked where ou=
r
>>> cursor is in editor and checked with the query and through this we got =
the
>>> actual query at cursor position.
>>>
>>> For example,
>>>
>>>    1. if the cursor is at starting or ending position or anywhere in
>>>    between a query with semicolon or without semicolon, that can be sin=
gle
>>>    line or multi line then the query gets extracted.
>>>    2. if the cursor is at starting or ending position or anywhere in
>>>    between a comment that can be single line or multi line then the com=
ment
>>>    gets extracted.
>>>    3. if the cursor is at a position where the previous line has a
>>>    query then that query gets extracted.
>>>
>>> For the anonymous block containing multiple queries, code mirror gives
>>> the statements differently. That is an incomplete query we can say, so =
the
>>> query tool gives error. We can say some limitations are there with Code
>>> Mirror.
>>>
>>> Please let me know if you have any questions on this.
>>>
>>
>> My main concern is that it doesn't get it wrong. Ever. Consider:
>>
>> DELETE FROM foo; SELECT * FROM foo;
>>
> It will depend where the cursor is and will pick one of the query, not
> both.
>
>>
>> Is that one statement or two? What if it's in the middle of a pl/python3
>> function:
>>
>> my_sql =3D 'DELETE FROM foo; SELECT * FROM foo;'
>>
>> or
>>
>> my_sql =3D """DELETE FROM foo;
>> SELECT * FROM foo;
>> """
>>
> Since it is a part of the string, it will not run the string part. It wil=
l
> execute along with my_sql=3D....
>

Even if you put the cursor on the "SELECT"? If so, that would imply the
parser understands the string quoting; e.g. in this case, the Python
multiline string. Presumably then it would also understand regular single
and double quotes - what about (for example) a heredoc in a pl/sh function?


>
>> (those are just simple examples from the top of my head).
>>
>> It could be extremely dangerous if we or CodeMirror mis-parses something=
,
>> which seems quite possible unless it has access to the actual parser tha=
t
>> PostgreSQL uses. Which makes me think... what of EPAS? It has an extende=
d
>> parser to handle some of the Oracle compatible syntax. Will CodeMirror g=
et
>> that right?
>>
> CodeMirror parser only provides parsing for standard SQL grammar. It
> doesn't even understand pl/pgsql. It detects the query based on semicolon=
s
> very effectively. We have added our own logic to take that query provided
> by CM and separate it by new line.
> Instead of making it as the main execute button, I realise we should make
> it as the second execute, and keep the main execute untouched.
>

Anil's examples mostly didn't have semicolons though - and in many cases, a
user's script might not if they're writing a bunch of scratch queries and
(as I do currently) executing them as needed by highlighting.

As I'm sure you're starting to understand, I'm extremely concerned that
this automatic parsing could get it wrong in some cases, which could
potentially lead to users inadvertently running a destructive query without
realising it. I'm also concerned that it will lead to less severe
unexpected results; the parser doesn't understand pl/pgsql, so by
extension, it also cannot understand an anonymous function written in
pg/pgsql. Yet, in PostgreSQL an anonymous function (a DO statement) is a
perfectly valid single statement that will contain sub-statements such as
SELECTs or DELETEs etc. that the user may or may not expect to be
considered part of the top-level DO statement.

It sounds like Thom has similar concerns, and I know him well enough to
know he wouldn't chime in without good reason.

--=20
Dave Page
pgAdmin: https://www.pgadmin.org
PostgreSQL: https://www.postgresql.org
EDB: https://www.enterprisedb.com

--00000000000090312a061670b8ae
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div dir=3D"ltr"><br></div><br><div class=3D"gmail_quote">=
<div dir=3D"ltr" class=3D"gmail_attr">On Fri, 19 Apr 2024 at 05:15, Aditya =
Toshniwal &lt;<a href=3D"mailto:aditya.toshniwal@enterprisedb.com">aditya.t=
oshniwal@enterprisedb.com</a>&gt; wrote:<br></div><blockquote class=3D"gmai=
l_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left-width:1px;border-lef=
t-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div dir=
=3D"ltr"><div dir=3D"ltr"><div style=3D"font-family:verdana,sans-serif">Hi=
=C2=A0Dave,</div></div><br><div class=3D"gmail_quote"><div dir=3D"ltr" clas=
s=3D"gmail_attr">On Thu, Apr 18, 2024 at 8:07=E2=80=AFPM Dave Page &lt;<a h=
ref=3D"mailto:dpage@pgadmin.org" target=3D"_blank">dpage@pgadmin.org</a>&gt=
; wrote:<br></div><blockquote class=3D"gmail_quote" style=3D"margin:0px 0px=
 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:=
rgb(204,204,204);padding-left:1ex"><div dir=3D"ltr"><div dir=3D"ltr">Hi</di=
v><br><div class=3D"gmail_quote"><div dir=3D"ltr" class=3D"gmail_attr">On T=
hu, 18 Apr 2024 at 15:26, Anil Sahoo &lt;<a href=3D"mailto:anil.sahoo@enter=
prisedb.com" target=3D"_blank">anil.sahoo@enterprisedb.com</a>&gt; wrote:<b=
r></div><blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex=
;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,20=
4,204);padding-left:1ex"><div dir=3D"ltr">Hi Dave,<div>We took help from Co=
de Mirror, i.e Code Mirror gives the parsed SQL from the editor through a t=
ree called syntaxTree and by using some logic we extracted the statements w=
hich have semicolon in it and also added some extra logic to break the whol=
e query on next of next line as empty or if comments are there.</div><div><=
br></div><div>Using all this logic we got the individual queries and checke=
d where our cursor is in editor and checked=C2=A0with the query=C2=A0and th=
rough this we got the actual query at cursor position.</div><div><br></div>=
<div>For example,=C2=A0</div><div><ol><li>if the cursor is at starting or e=
nding position or anywhere in between a query with semicolon or without sem=
icolon, that can be single line or multi line then the query gets extracted=
.<br></li><li>if the cursor is at starting or ending position or anywhere i=
n between a comment that can be single line or multi line then the comment =
gets extracted.</li><li>if the cursor is at a position where the previous l=
ine has a query then that query gets extracted.=C2=A0</li></ol></div><div>F=
or the anonymous block containing multiple queries, code mirror gives the s=
tatements differently. That is an incomplete query we can say, so the query=
 tool gives error. We can say some limitations are there with Code Mirror.<=
/div><div><br></div><div>Please let me know if you have any questions on th=
is.</div></div></blockquote><div><br></div><div>My main concern is that it =
doesn&#39;t get it wrong. Ever. Consider:</div><div><br></div><div>DELETE F=
ROM foo; SELECT * FROM foo;</div></div></div></blockquote><div><span class=
=3D"gmail_default" style=3D"font-family:verdana,sans-serif">It will depend =
where the cursor is and will pick one of the query, not both.</span>=C2=A0<=
/div><blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;bo=
rder-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,2=
04);padding-left:1ex"><div dir=3D"ltr"><div class=3D"gmail_quote"><div><br>=
</div><div>Is that one statement or two? What if it&#39;s in the middle of =
a pl/python3 function:</div><div><br></div><div>my_sql =3D &#39;DELETE FROM=
 foo; SELECT * FROM foo;&#39;</div><div><br></div><div>or=C2=A0</div><div><=
br></div><div>my_sql =3D &quot;&quot;&quot;DELETE FROM foo;=C2=A0</div><div=
>SELECT * FROM foo;<br></div><div>&quot;&quot;&quot;</div></div></div></blo=
ckquote><div><span class=3D"gmail_default" style=3D"font-family:verdana,san=
s-serif">Since it is a part of the string, it will not run the string part.=
 It will execute along with my_sql=3D....</span>=C2=A0</div></div></div></b=
lockquote><div><br></div><div>Even if you put the cursor on the &quot;SELEC=
T&quot;? If so, that would imply the parser understands the string quoting;=
 e.g. in this case, the Python multiline string. Presumably then it would a=
lso understand regular single and double quotes - what about (for example) =
a heredoc in a pl/sh function?</div><div><br></div><div>=C2=A0</div><blockq=
uote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left-wi=
dth:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-=
left:1ex"><div dir=3D"ltr"><div class=3D"gmail_quote"><blockquote class=3D"=
gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left-width:1px;border=
-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div=
 dir=3D"ltr"><div class=3D"gmail_quote"><div><br></div><div>(those are just=
 simple examples from the top of my head).=C2=A0</div><div><br></div><div>I=
t could be extremely dangerous if we or CodeMirror mis-parses something, wh=
ich seems quite possible unless it has access to the actual parser that Pos=
tgreSQL uses. Which makes me think... what of EPAS? It has an extended pars=
er to handle some of the Oracle compatible syntax. Will CodeMirror get that=
 right?</div></div></div></blockquote><div><span class=3D"gmail_default" st=
yle=3D"font-family:verdana,sans-serif">CodeMirror parser only provides pars=
ing for standard SQL grammar. It doesn&#39;t even understand pl/pgsql. It d=
etects the query based on semicolons very effectively.</span>=C2=A0<span cl=
ass=3D"gmail_default" style=3D"font-family:verdana,sans-serif">We have adde=
d our own logic to take that query provided by CM and separate it by new li=
ne.</span></div><div><span class=3D"gmail_default" style=3D"font-family:ver=
dana,sans-serif">Instead of making it as the main execute=C2=A0button, I re=
alise we should make it as the second execute, and keep the main execute un=
touched.</span></div></div></div></blockquote><div><br></div><div>Anil&#39;=
s examples mostly didn&#39;t have semicolons though - and in many cases, a =
user&#39;s script might not if they&#39;re writing a bunch of scratch=C2=A0=
queries and (as I do currently) executing them as needed by highlighting.</=
div><div><br></div><div>As I&#39;m sure you&#39;re starting to understand, =
I&#39;m extremely concerned that this automatic parsing could get it wrong =
in some cases, which could potentially lead to users inadvertently running =
a destructive query without realising it. I&#39;m also concerned that it wi=
ll lead to less severe unexpected results; the parser doesn&#39;t understan=
d pl/pgsql, so by extension, it also cannot understand an anonymous functio=
n written in pg/pgsql. Yet, in PostgreSQL an anonymous function (a DO state=
ment) is a perfectly valid single statement that will contain sub-statement=
s such as SELECTs or DELETEs etc. that the user may or may not expect to be=
 considered part of the top-level DO statement.</div><div><br></div><div>It=
 sounds like Thom has similar concerns, and I know him well enough to know =
he wouldn&#39;t chime in without good reason.</div><div>=C2=A0</div></div><=
span class=3D"gmail_signature_prefix">-- </span><br><div dir=3D"ltr" class=
=3D"gmail_signature"><div dir=3D"ltr">Dave Page<div>pgAdmin: <a href=3D"htt=
ps://www.pgadmin.org" target=3D"_blank">https://www.pgadmin.org</a></div><d=
iv>PostgreSQL: <a href=3D"https://www.postgresql.org" target=3D"_blank">htt=
ps://www.postgresql.org</a><br><div>EDB:=C2=A0<a href=3D"https://www.enterp=
risedb.com" target=3D"_blank">https://www.enterprisedb.com</a></div><div><b=
r></div></div></div></div></div>

--00000000000090312a061670b8ae--