Change Details

Allow use of prepared SQL statements in `{{#get_db_data:}}`. Define prepared SQL statements in `LocalSettings.php` per database connection. Examples - One statement per connection: In `LocalSettings.php`: ``` $edgDBServer ['rfam'] = 'mysql-rfam-public.ebi.ac.uk:4497'; $edgDBServerType['rfam'] = 'mysql'; $edgDBName ['rfam'] = 'Rfam'; $edgDBUser ['rfam'] = 'rfamro'; $edgDBPass ['rfam'] = ''; $edgDBPrepared ['rfam'] = <<<'SQL' SELECT fr.rfam_acc, fr.rfamseq_acc, fr.seq_start, fr.seq_end FROM full_region fr, rfamseq rf, taxonomy tx WHERE rf.ncbi_id = tx.ncbi_id AND fr.rfamseq_acc = rf.rfamseq_acc AND tx.ncbi_id = ? AND is_significant = 1 -- exclude low-scoring matches from the same clan SQL; ``` In wikitext: ``` {{#get_db_data: db = rfam | from=whatever <!-- this parameter is ignored --> | where=1=10116 <!-- this parameter is used to substitute question marks in prepared statement --> | data=account=rfam_acc,sec=rfamseq_acc,start=seq_start,end=seq_end }} ``` - Several statements per connection: In `LocalSettings.php`: ``` $edgDBServer ['rfam'] = 'mysql-rfam-public.ebi.ac.uk:4497'; $edgDBServerType['rfam'] = 'mysql'; $edgDBName ['rfam'] = 'Rfam'; $edgDBUser ['rfam'] = 'rfamro'; $edgDBPass ['rfam'] = ''; $edgDBPrepared ['rfam'] = [ 'sequences' => <<<'SEQ' SELECT fr.rfam_acc, fr.rfamseq_acc, fr.seq_start, fr.seq_end FROM full_region fr, rfamseq rf, taxonomy tx WHERE rf.ncbi_id = tx.ncbi_id AND fr.rfamseq_acc = rf.rfamseq_acc AND tx.ncbi_id = ? AND is_significant = 1 -- exclude low-scoring matches from the same clan SEQ;, 'sno' => <<<'SNO' SELECT fr.rfam_acc, fr.rfamseq_acc, fr.seq_start, fr.seq_end, f.type FROM full_region fr, rfamseq rf, taxonomy tx, family f WHERE rf.ncbi_id = tx.ncbi_id AND f.rfam_acc = fr.rfam_acc AND fr.rfamseq_acc = rf.rfamseq_acc AND tx.tax_string LIKE ? AND f.type LIKE '%snoRNA%' AND is_significant = 1 -- exclude low-scoring matches from the same clan SNO]; ``` In wikitext: ``` {{#get_db_data: db = rfam | from=sequences <!-- this parameter is used to choose one of the prepared statements --> | where=1=10116 <!-- this parameter is used to substitute question marks in prepared statement --> | data=account=rfam_acc,sec=rfamseq_acc,start=seq_start,end=seq_end }} ``` If prepared SQL statements are defined for a database connection, arbitrary SQL queries are effectively disallowed.

Allow use of prepared SQL statements in `{{#get_db_data:}}`. Define prepared SQL statements in `LocalSettings.php` per database connection. Examples: - One statement per connection: In `LocalSettings.php`: ``` $edgDBServer ['rfam'] = 'mysql-rfam-public.ebi.ac.uk:4497'; $edgDBServerType['rfam'] = 'mysql'; $edgDBName ['rfam'] = 'Rfam'; $edgDBUser ['rfam'] = 'rfamro'; $edgDBPass ['rfam'] = ''; $edgDBPrepared ['rfam'] = <<<'SQL' SELECT fr.rfam_acc, fr.rfamseq_acc, fr.seq_start, fr.seq_end FROM full_region fr, rfamseq rf, taxonomy tx WHERE rf.ncbi_id = tx.ncbi_id AND fr.rfamseq_acc = rf.rfamseq_acc AND tx.ncbi_id = ? AND is_significant = 1 -- exclude low-scoring matches from the same clan SQL; ``` In wikitext: ``` {{#get_db_data: db = rfam | from=whatever <!-- this parameter is ignored --> | where=1=10116 <!-- this parameter is used to substitute question marks in prepared statement --> | data=account=rfam_acc,sec=rfamseq_acc,start=seq_start,end=seq_end }} ``` - Several statements per connection: In `LocalSettings.php`: ``` $edgDBServer ['rfam'] = 'mysql-rfam-public.ebi.ac.uk:4497'; $edgDBServerType['rfam'] = 'mysql'; $edgDBName ['rfam'] = 'Rfam'; $edgDBUser ['rfam'] = 'rfamro'; $edgDBPass ['rfam'] = ''; $edgDBPrepared ['rfam'] = [ 'sequences' => <<<'SEQ' SELECT fr.rfam_acc, fr.rfamseq_acc, fr.seq_start, fr.seq_end FROM full_region fr, rfamseq rf, taxonomy tx WHERE rf.ncbi_id = tx.ncbi_id AND fr.rfamseq_acc = rf.rfamseq_acc AND tx.ncbi_id = ? AND is_significant = 1 -- exclude low-scoring matches from the same clan SEQ;, 'sno' => <<<'SNO' SELECT fr.rfam_acc, fr.rfamseq_acc, fr.seq_start, fr.seq_end, f.type FROM full_region fr, rfamseq rf, taxonomy tx, family f WHERE rf.ncbi_id = tx.ncbi_id AND f.rfam_acc = fr.rfam_acc AND fr.rfamseq_acc = rf.rfamseq_acc AND tx.tax_string LIKE ? AND f.type LIKE '%snoRNA%' AND is_significant = 1 -- exclude low-scoring matches from the same clan SNO]; ``` In wikitext: ``` {{#get_db_data: db = rfam | from=sequences <!-- this parameter is used to choose one of the prepared statements --> | where=1=10116 <!-- this parameter is used to substitute question marks in prepared statement --> | data=account=rfam_acc,sec=rfamseq_acc,start=seq_start,end=seq_end }} ``` If prepared SQL statements are defined for a database connection, arbitrary SQL queries are effectively disallowed.

Allow use of prepared SQL statements in `{{#get_db_data:}}`. Define prepared SQL statements in `LocalSettings.php` per database connection. Examples: - One statement per connection: In `LocalSettings.php`: ``` $edgDBServer ['rfam'] = 'mysql-rfam-public.ebi.ac.uk:4497'; $edgDBServerType['rfam'] = 'mysql'; $edgDBName ['rfam'] = 'Rfam'; $edgDBUser ['rfam'] = 'rfamro'; $edgDBPass ['rfam'] = ''; $edgDBPrepared ['rfam'] = <<<'SQL' SELECT fr.rfam_acc, fr.rfamseq_acc, fr.seq_start, fr.seq_end FROM full_region fr, rfamseq rf, taxonomy tx WHERE rf.ncbi_id = tx.ncbi_id AND fr.rfamseq_acc = rf.rfamseq_acc AND tx.ncbi_id = ? AND is_significant = 1 -- exclude low-scoring matches from the same clan SQL; ``` In wikitext: ``` {{#get_db_data: db = rfam | from=whatever <!-- this parameter is ignored --> | where=1=10116 <!-- this parameter is used to substitute question marks in prepared statement --> | data=account=rfam_acc,sec=rfamseq_acc,start=seq_start,end=seq_end }} ``` - Several statements per connection: In `LocalSettings.php`: ``` $edgDBServer ['rfam'] = 'mysql-rfam-public.ebi.ac.uk:4497'; $edgDBServerType['rfam'] = 'mysql'; $edgDBName ['rfam'] = 'Rfam'; $edgDBUser ['rfam'] = 'rfamro'; $edgDBPass ['rfam'] = ''; $edgDBPrepared ['rfam'] = [ 'sequences' => <<<'SEQ' SELECT fr.rfam_acc, fr.rfamseq_acc, fr.seq_start, fr.seq_end FROM full_region fr, rfamseq rf, taxonomy tx WHERE rf.ncbi_id = tx.ncbi_id AND fr.rfamseq_acc = rf.rfamseq_acc AND tx.ncbi_id = ? AND is_significant = 1 -- exclude low-scoring matches from the same clan SEQ;, 'sno' => <<<'SNO' SELECT fr.rfam_acc, fr.rfamseq_acc, fr.seq_start, fr.seq_end, f.type FROM full_region fr, rfamseq rf, taxonomy tx, family f WHERE rf.ncbi_id = tx.ncbi_id AND f.rfam_acc = fr.rfam_acc AND fr.rfamseq_acc = rf.rfamseq_acc AND tx.tax_string LIKE ? AND f.type LIKE '%snoRNA%' AND is_significant = 1 -- exclude low-scoring matches from the same clan SNO]; ``` In wikitext: ``` {{#get_db_data: db = rfam | from=sequences <!-- this parameter is used to choose one of the prepared statements --> | where=1=10116 <!-- this parameter is used to substitute question marks in prepared statement --> | data=account=rfam_acc,sec=rfamseq_acc,start=seq_start,end=seq_end }} ``` If prepared SQL statements are defined for a database connection, arbitrary SQL queries are effectively disallowed.