Details
-
Bug
-
Resolution: Unresolved
-
P3: Somewhat important
-
None
-
5.15.2, 6.1.2
-
None
Description
Heuristics for determining read-only properties of a SQL statement passed to executeSql in db.readTransaction callback are insufficient, and generate false-positive errors. Basically, it checks whether a statement immediately starts with a "SELECT" keyword (or rather a sub-string — it does not check what follows it), which rejects properly indented code inside multi-line (aka template) string literals.
db.readTransaction(tx => {
const rs = tx.executeSql(`
SELECT one, two
FROM MyTable
`);
}
qrc:/components/dao/MyDao.qml:42: Error: Read-only Transaction
The code responsible for this mess is inside qmlsqldatabase_executeSql function in qtdeclarative/src/qmllocalstorage/qqmllocalstorage.cpp file.
At the time of writing, it was this:
QString sql = argc ? argv[0].toQString() : QString(); if (r->d()->readonly && !sql.startsWith(QLatin1String("SELECT"),Qt::CaseInsensitive)) { V4THROW_SQL(SQLEXCEPTION_SYNTAX_ERR, QQmlEngine::tr("Read-only Transaction")); }
Note: I DON'T advise stripping/trimming or modifying in any other way a statement string which user passed, as it may lead to much worse diagnostics (wrong locations reported etc).