Prepared statements everywhere

Roberto Alsina 2024-05-16 15:31:09 -03:00
parent 76e16ca803
commit f2ee8aa6e8
2 changed files with 45 additions and 49 deletions


@ -88,57 +88,52 @@ class Handler
year = year.to_i? year = year.to_i?
datos = [] of Tuple(Int32, String)
DB.open(DB_URL) do |cursor|
if prefijo.nil? && year.nil? if prefijo.nil? && year.nil?
# Global totals # Global totals
sql = %( result_set = cursor.query("
SELECT total::integer, nombre SELECT total::integer, nombre
FROM totales FROM totales
ORDER BY total DESC ORDER BY total DESC
LIMIT 50 LIMIT 50")
)
elsif prefijo.nil? && !year.nil? elsif prefijo.nil? && !year.nil?
# Per-year totals # Per-year totals
sql = %( result_set = cursor.query("
SELECT contador::integer, nombre SELECT contador::integer, nombre
FROM nombres FROM nombres
WHERE WHERE
anio = '#{year}' anio = $1
ORDER BY contador DESC ORDER BY contador DESC
LIMIT 50 LIMIT 50", year)
)
elsif !prefijo.nil? && year.nil? elsif !prefijo.nil? && year.nil?
# Filter only by prefix # Filter only by prefix
sql = %( result_set = cursor.query("
SELECT total, nombre SELECT total::integer, nombre
FROM totales FROM totales
WHERE WHERE
nombre LIKE '#{prefijo}%' nombre LIKE $1
ORDER BY total DESC ORDER BY total DESC
LIMIT 50 LIMIT 50", prefijo + "%")
) elsif !prefijo.nil? && !year.nil?
else
# We have both # We have both
sql = %( result_set = cursor.query("
SELECT contador, nombre SELECT contador::integer, nombre
FROM nombres FROM nombres
WHERE WHERE
anio = '#{year}' AND anio = $1 AND
nombre LIKE '#{prefijo}%' nombre LIKE $2
ORDER BY contador DESC ORDER BY contador DESC
LIMIT 50 LIMIT 50", year, prefijo + "%")
)
end end
puts "QUERY: #{sql}" if !result_set.nil?
datos = [] of Tuple(Int32, String)
DB.open(DB_URL) do |cursor|
cursor.query sql do |result_set|
result_set.each do result_set.each do
valor = result_set.read(Int32) valor = result_set.read(Int32)
nombre = result_set.read(String) nombre = result_set.read(String)
datos.push({valor, nombre}) datos.push({valor, nombre})
end end
result_set.close
end end
end end
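Review bot: The two `LIKE` branches bind `prefijo + "%"` unchanged, so any `%` or `_` inside `prefijo` is still interpreted by PostgreSQL as a wildcard. The bind parameter stops SQL injection, but the filter is no longer guaranteed to be a pure prefix match and can degrade into an unanchored scan of `totales` / `nombres`. Escape the LIKE metacharacters before appending the wildcard, e.g. `patron = prefijo.gsub(/[\\%_]/) { |c| "\\#{c}" } + "%"`, and pass `patron` in both branches (backslash is PostgreSQL's default LIKE escape character). Separately, `result_set.close` only runs if the `each` loop finishes without raising; the block form `cursor.query(...) do |result_set|`, which the other file in this commit uses, should close the result set on every path.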


@ -9,6 +9,8 @@ require "pg"
USER = File.read("/var/openfaas/secrets/nombres-user").strip USER = File.read("/var/openfaas/secrets/nombres-user").strip
PASS = File.read("/var/openfaas/secrets/nombres-pass").strip PASS = File.read("/var/openfaas/secrets/nombres-pass").strip
DB_URL = "postgres://#{USER}:#{PASS}@10.61.0.1:5432/nombres"
class Handler class Handler
def format_buffer(buffer, canvas_name, title = "") def format_buffer(buffer, canvas_name, title = "")
@ -41,14 +43,14 @@ class Handler
html.gsub("gnuplot_canvas", canvas_name) html.gsub("gnuplot_canvas", canvas_name)
end end
def query(sql) def query(sql, nombre)
# Runs a SQL query against the database. # Runs a SQL query against the database.
# #
# Returns an array of values [[Year,Count]...] # Returns an array of values [[Year,Count]...]
# Or nil if there are no results # Or nil if there are no results
DB.open("postgres://#{USER}:#{PASS}@10.61.0.1:5432/nombres") do |cursor| DB.open(DB_URL) do |cursor|
cursor.query sql do |result_set| cursor.query(sql, nombre) do |result_set|
result = [] of Tuple(Int32, Int32) result = [] of Tuple(Int32, Int32)
result_set.each do result_set.each do
year = result_set.read(Int32) year = result_set.read(Int32)
@ -96,10 +98,9 @@ class Handler
show_key(true) show_key(true)
xrange(1922..2015) xrange(1922..2015)
nombres.map { |nombre| nombres.map { |nombre|
sql = "SELECT anio::integer, contador::integer FROM nombres WHERE nombre = '#{nombre}' ORDER BY anio"
x = Array(Int32).new x = Array(Int32).new
y = Array(Int32).new y = Array(Int32).new
results = query(sql) results = query("SELECT anio::integer, contador::integer FROM nombres WHERE nombre = $1 ORDER BY anio", nombre)
if results.nil? # No results, all 0s if results.nil? # No results, all 0s
x = (1922..2015).to_a x = (1922..2015).to_a
y = x.map { |_| 0 } y = x.map { |_| 0 }
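Review bot: `query(sql, nombre)` in the second hunk still takes the statement text from its caller, so the injection fix holds only while every call site passes a constant string; the comment at the top of the body mentions neither the new bind argument nor that contract. I would extend it with `# sql must be a constant statement with a single $1 placeholder; nombre is bound to it and never interpolated.` The only call visible on this page (third hunk) passes a literal, so if that is the sole caller, the statement could instead live inside `query` and the `sql` parameter be dropped. The body of `query` continues outside the hunk.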