-- Copyright 2010, 2011, 2012 Chris Forno module Database.TemplatePG (-- *Introduction -- $intro -- *Usage -- $usage -- **Compile-Time Parameters -- $compiletime -- *Caveats -- $caveats -- *Limitations and Workarounds -- **A Note About NULL -- $nulls -- **Other Workarounds -- $other PGException(..) , pgConnect , pgDisconnect , queryTuples , queryTuple , execute , withTransaction , rollback , insertIgnore ) where import Database.TemplatePG.Protocol import Database.TemplatePG.SQL -- $intro -- TemplatePG is designed with 2 goals in mind: safety and performance. The -- primary focus is on safety. -- -- To help ensure safety, it uses the PostgreSQL server to parse every query -- and statement in your code to infer types at compile-time. This means that -- in theory you cannot get a syntax error at runtime. Getting proper types at -- compile time has the nice side-effect that it eliminates run-time type -- casting and usually results in less code. This approach was inspired by -- MetaHDBC (<http://haskell.org/haskellwiki/MetaHDBC>) and PG'OCaml -- (<http://pgocaml.berlios.de/>). -- -- While compile-time query analysis eliminates many errors, it doesn't -- eliminate all of them. If you modify the database without recompilation or -- have an error in a trigger or function, for example, you can still trigger a -- 'PGException'. -- -- With that in mind, TemplatePG currently does a number of unsafe things. It -- doesn't properly close the connection with the PostgreSQL server. It doesn't -- handle unexpected messages from the server very gracefully, and it's not -- entirely safe when working with nullable result fields. I hope to fix all of -- these at some point in the future. In the meantime, use the software at your -- own risk. Note however that TemplatePG is currently powering -- <http://www.vocabulink.com/> with no problems yet. (For usage examples, you -- can see the Vocabulink source code at <http://jekor.com/vocabulink/vocabulink.tar.gz>). -- -- To improve performance, TemplatePG does not use prepared statements. In -- theory, this saves bandwidth (and a potential round-trip) and time for the -- extra step of binding parameters. Again in theory, this is also safe because -- we know the types of parameters at compile time. However, it still feels -- risky (and I would appreciate any audit of the code doing this, especially -- 'escapeString'). -- -- Note that you'll need to use -XConstraintKinds to use TemplatePG. -- $usage -- 'queryTuples' does all the work ('queryTuple' and 'execute' are convenience -- functions). -- -- It's a Template Haskell function, so you need to splice it into your program -- with @$()@. It requires a 'Handle' to a PostgreSQL server, but can't be -- given one at compile-time, so you need to pass it after the splice: -- -- @h <- pgConnect ...@ -- -- @tuples <- $(queryTuples \"SELECT * FROM pg_database\") h@ -- -- To pass parameters to a query, include them in the string with {}. Most -- Haskell expressions should work. For example: -- -- @let owner = 33@ -- -- @tuples <- $(queryTuples \"SELECT * FROM pg_database WHERE datdba = {owner} LIMIT {2 * 3}\") h@ -- -- Note that parameters may only be used where PostgreSQL will allow them. This -- will not work: -- -- @tuples <- $(queryTuples \"SELECT * FROM {tableName}\") h@ -- -- And in general, you cannot construct queries at run-time, since they -- wouldn't be available to be analyzed at compile time. -- $compiletime -- TemplatePG needs information about the database to connect to at compile -- time (in the form of environment variables). -- -- You must set at least @TPG_DB@: -- -- [@TPG_DB@] the database name to use -- -- [@TPG_USER@] the username to connect as (default: @postgres@) -- -- [@TPG_PASS@] the password to use (default: /empty/) -- -- [@TPG_HOST@] the host to connect to (default: @localhost@) -- -- [@TPG_PORT@] the port number to connect on (default: @5432@) -- -- You can set @TPG_DEBUG@ to get a rough protocol-level trace (pipe to -- @hexdump@). -- $caveats -- TemplatePG assumes that it has a UTF-8 connection to a UTF-8 database. -- -- TemplatePG does not bind parameters with prepared statements (at run-time), -- instead it relies on its own type conversion and string escaping. The -- technique might have a security vulnerability. You should also set -- @standard_conforming_strings = on@ in your @postgresql.conf@. -- -- I've included 'withTransaction', 'rollback', and 'insertIgnore', but they've -- not been thoroughly tested, so use them at your own risk. -- $nulls -- Sometimes TemplatePG cannot determine whether or not a result field can -- potentially be @NULL@. In those cases it will assume that it can. Basically, -- any time a result field is not immediately tracable to an originating table -- and column (such as when a function is applied to a result column), it's -- assumed to be nullable and will be returned as a 'Maybe' value. -- -- Additionally, you cannot directly use @NULL@ values in parameters. As a -- workaround, you might have to use 2 or more separate queries (and @DEFAULT -- NULL@) to @INSERT@ rows with @NULL@s. -- -- Nullability is indicated incorrectly in the case of outer joins. TemplatePG -- incorrectly infers that a field cannot be @NULL@ when it's able to trace the -- result field back to a non-@NULL@ table column. As a workround, you can wrap -- columns with @COALESCE()@ to force them to be returned as 'Maybe' values. -- $other There's no support for reading time intervals yet. As a workaround, -- you can use @extract(epoch from ...)::int@ to get the interval as a number -- of seconds.