Edward Langley
7a169e34d5
Add parameterized SQL queries with nginx variables
New Feature: sqlite_param Directive
- Allows passing nginx variables as SQL prepared statement parameters
- Supports query parameters ($arg_name), path captures ($1, $2), headers, etc.
- Safe SQL injection protection via rusqlite prepared statements
- Multiple parameters supported (bound in order to ? placeholders)
Implementation:
- New sqlite_param directive for adding query parameters
- Variable resolution using ngx_http_get_variable() FFI
- UTF-8 validation on all variable values
- Updated execute_query() to accept parameter array
- rusqlite::ToSql parameter binding
Examples:
- Book detail by ID: /book?id=1
- Genre filtering: /genre?genre=Programming
- Year range search: /years?min=2015&max=2024
New Files:
- conf/book_detail.conf: Parameter examples configuration
- server_root/book/detail.hbs: Book detail page template
- server_root/genre/genre.hbs: Genre filter page template
- start_book_detail.sh: Quick start script for params example
- README.md: Comprehensive project documentation
- README_PARAMETERS.md: Parameters feature documentation
Configuration:
- MainConfig now supports global_templates_dir
- ModuleConfig extended with query_params Vec
- Handler resolves variables at request time
- Template paths adjusted for exact location matches
All examples tested and working with both static and parameterized queries.