Added option to provide PreparedStatement-like query argument binding

.gitignore

@@ -7,3 +7,19 @@
 out/
 target
 compile/
+
+# eclipse specific git ignore
+*.pydevproject
+.project
+.metadata
+bin/**
+tmp/**
+tmp/**/*
+*.tmp
+*.bak
+*.swp
+*~.nib
+local.properties
+.classpath
+.settings/
+.loadpath

README.md

@@ -5,13 +5,14 @@
 
 ### Difference from original skript-db
 - Fixed local variables disappearance in newer Skript versions (very hacky fix, but it works, so that's good!)
-- Thread-pool size is now automatically increasing on demand with use of CachedThreadPool, instead of a fixed hard-coded number
 - Uses newer versions of dependencies (Increased performance and security)
 - Replaced `synchronously execute` with `quickly execute`, which allows to speed up queries by 50ms with some risk
-- SQL Driver is configurable
+- If a sql query is detected to be running on non-main thread, it becomes synchronous automatically
+- SQL Driver is configurable both in config and in database connection, comes with shaded MariaDB and PostgreSQL drivers
 - A few variable type related bugs fixed
 - Uses Java 11 instead of Java 8
 
+
 ### Installation
 1. Use 1.8+ Minecraft server version.
 2. Use Skript 2.5+ (1.8 Skript fork is needed if you're using 1.8)
@@ -21,15 +22,23 @@
 Stores the connection information for a data source. This should be saved to a variable in a
  `script load` event or manually through an effect command.
 
- The url format for your database may vary! The example provided uses a MySQL database.
+ The url format for your database may vary depending on database you are using. 
+ MariaDB/PostgreSQL users: make sure to check `config.yml` to use the correct driver.
 #### Syntax
 ```
-[the] data(base|[ ]source) [(of|at)] %string%
+[the] data(base|[ ]source) [(of|at)] %string% [with [a] [max[imum]] [connection] life[ ]time of %timespan%] [[(using|with)] [a] driver %-string%]
 ```
 
 #### Examples
 ```
 set {sql} to the database "mysql://localhost:3306/mydatabase?user=admin&password=12345&useSSL=false"
+set {sql} to the database "mariadb://localhost:3306/mydatabase?user=admin&password=12345&useSSL=false"
+set {sql} to the database "postgresql://localhost:3306/mydatabase?user=admin&password=12345&ssl=false"
+set {sql} to the database "sqlite:database.db"
+
+# Extra parameters:
+set {sql} to the database "postgresql://localhost:3306/mydatabase?user=admin&password=12345&ssl=false" with a maximum connection lifetime of 30 minutes
+set {sql} to the database "postgresql://localhost:3306/mydatabase?user=admin&password=12345&ssl=false" with a maximum connection lifetime of 30 minutes using driver "org.postgresql.Driver"
 ```
 
 ---
@@ -71,6 +80,7 @@ Stores the error from the last executed statement, if there was one.
 
 ### Expression `Unsafe Expression` => `text`
 Opts out of automatic SQL injection protection for a specific expression in a statement.
+Note: If using PostgreSQL, this will always be needed, due to skript-db not supporting SQL injection protection for PostgreSQL currently.
 #### Syntax
 ```
 unsafe %text%

pom.xml

@@ -6,7 +6,7 @@
 
     <groupId>com.btk5h</groupId>
     <artifactId>skript-db</artifactId>
-    <version>1.3.8</version>
+    <version>1.4.0</version>
     <packaging>jar</packaging>
 
     <repositories>
@@ -28,7 +28,11 @@
         </repository>
         <repository>
             <id>sk89q</id>
-            <url>http://maven.sk89q.com/repo</url>
+            <url>https://maven.sk89q.com/repo</url>
+        </repository>
+        <repository>
+            <id>skript</id>
+            <url>https://repo.skriptlang.org/releases</url>
         </repository>
     </repositories>
 
@@ -100,7 +104,14 @@
         <dependency>
             <groupId>org.mariadb.jdbc</groupId>
             <artifactId>mariadb-java-client</artifactId>
-            <version>3.0.9</version>
+            <version>3.1.2</version>
+            <scope>compile</scope>
+        </dependency>
+        <!-- https://mvnrepository.com/artifact/org.postgresql/postgresql -->
+        <dependency>
+            <groupId>org.postgresql</groupId>
+            <artifactId>postgresql</artifactId>
+            <version>42.6.0</version>
             <scope>compile</scope>
         </dependency>
 

src/main/java/com/btk5h/skriptdb/SkriptDB.java

@@ -73,8 +73,14 @@ public final class SkriptDB extends JavaPlugin {
       }
       try {
         if (out == null) return;
-        out.write("# Only change this if you wish to use a different driver than Java's default, like MariaDB driver.\n");
+
-        out.write("# If you use MariaDB, its driver is shaded together with skript-db, so you can just specify:" + "\"org.mariadb.jdbc.Driver\"" + ".\n");
+        out.write("# How many connections can be awaited for simultaneously, may be useful to increase if SQL database is hosted on a separate machine to account for ping.\n");
+        out.write("# If it is hosted within the same machine, set it to the count of cores your processor has or the count of threads your processor can process at once.\n");
+        out.write("thread-pool-size: " + (Runtime.getRuntime().availableProcessors() + 2) + "\n");
+        out.write("# How long SQL connections should be kept alive in HikariCP. Default: 1800000 (30 minutes)");
+        out.write("max-connection-lifetime: 1800000");
+        out.write("# Only change this if you wish to use a different driver than Java's default, like MariaDB/PostgreSQL driver.\n");
+        out.write("# If you use MariaDB or PostgreSQL, its driver is shaded together with skript-db, so you can just specify:" + "\"org.mariadb.jdbc.Driver\"" + " or " + "\"org.postgresql.Driver\"" + ".\n");
         out.write("sql-driver-class-name: " + "\"default\"" + "\n");
       } catch (IOException e) {
         e.printStackTrace();

src/main/java/com/btk5h/skriptdb/skript/EffExecuteStatement.java

@@ -25,6 +25,7 @@ import java.util.*;
 import java.util.concurrent.CompletableFuture;
 import java.util.concurrent.ExecutorService;
 import java.util.concurrent.Executors;
+import java.util.regex.Pattern;
 
 /**
  * Executes a statement on a database and optionally stores the result in a variable. Expressions
@@ -44,19 +45,21 @@ import java.util.concurrent.Executors;
  * @since 0.1.0
  */
 public class EffExecuteStatement extends Effect {
-    private static final ExecutorService threadPool =
+    private static final ExecutorService threadPool = Executors.newFixedThreadPool(SkriptDB.getInstance().getConfig().getInt("thread-pool-size", 10));
-            Executors.newCachedThreadPool();
+    private static final Pattern ARGUMENT_PLACEHOLDER = Pattern.compile("(?<!\\\\)\\?");
     static String lastError;
 
     static {
         Skript.registerEffect(EffExecuteStatement.class,
                 "execute %string% (in|on) %datasource% " +
-                        "[and store [[the] (output|result)[s]] (to|in) [the] [var[iable]] %-objects%]", "quickly execute %string% (in|on) %datasource% " +
+                        "[with arg[ument][s] %-objects%] [and store [[the] (output|result)[s]] (to|in) [the] [var[iable]] %-objects%]",
-                        "[and store [[the] (output|result)[s]] (to|in) [the] [var[iable]] %-objects%]");
+                "quickly execute %string% (in|on) %datasource% " +
+                        "[with arg[ument][s] %-objects%] [and store [[the] (output|result)[s]] (to|in) [the] [var[iable]] %-objects%]");
     }
 
     private Expression<String> query;
     private Expression<HikariDataSource> dataSource;
+    private Expression<Object> queryArguments;
     private VariableString var;
     private boolean isLocal;
     private boolean isList;
@@ -158,74 +161,80 @@ public class EffExecuteStatement extends Effect {
     }
 
     private Pair<String, List<Object>> parseQuery(Event e) {
-        if (!(query instanceof VariableString)) {
+        if (queryArguments != null) {
+            Object[] args = queryArguments.getArray(e);
+            String queryString = query.getSingle(e);
+            int queryArgCount = (int) ARGUMENT_PLACEHOLDER.matcher(queryString).results().count();
+            if (queryArgCount != args.length) {
+                Skript.warning("Your query has %d question marks, but you provided %d arguments.");
+                args = Arrays.copyOf(args, queryArgCount);
+            }
+            return new Pair<>(query.getSingle(e), List.of(args));
+        } else if (query instanceof VariableString && !((VariableString) query).isSimple()) {
+            return parseVariableQuery(e, (VariableString) query);
+        }
         return new Pair<>(query.getSingle(e), null);
     }
-        VariableString q = (VariableString) query;
-        if (q.isSimple()) {
-            return new Pair<>(q.toString(e), null);
-        }
     
+    private Pair<String, List<Object>> parseVariableQuery(Event e, VariableString varQuery) {
         StringBuilder sb = new StringBuilder();
-        List<Object> parameters = new ArrayList<>();
+        List<Object> parameters = new LinkedList<>();
-        Object[] objects = SkriptUtil.getTemplateString(q);
+        Object[] objects = SkriptUtil.getTemplateString(varQuery);
         
         for (int i = 0; i < objects.length; i++) {
-            Object o = objects[i];
+            if (objects[i] instanceof String) {
-            if (o instanceof String) {
+                sb.append(objects[i]);
-                sb.append(o);
             } else {
-                Expression<?> expr;
+                Expression<?> expr = objects[i] instanceof Expression ? (Expression<?>) objects[i] : SkriptUtil.getExpressionFromInfo(objects[i]);
-                if (o instanceof Expression)
+                boolean standaloneString = isStandaloneString(objects, i);
-                    expr = (Expression<?>) o;
-                else
-                    expr = SkriptUtil.getExpressionFromInfo(o);
-
-                String before = getString(objects, i - 1);
-                String after = getString(objects, i + 1);
-                boolean standaloneString = false;
-
-                if (before != null && after != null) {
-                    if (before.endsWith("'") && after.endsWith("'")) {
-                        standaloneString = true;
-                    }
-                }
-
                 Object expressionValue = expr.getSingle(e);
 
-                if (expr instanceof ExprUnsafe) {
+                Pair<String, Object> toAppend = parseExpressionQuery(expr, expressionValue, standaloneString);
-                    sb.append(expressionValue);
+                sb.append(toAppend.getFirst());
-
+                if (toAppend.getSecond() != null) {
-                    if (standaloneString && expressionValue instanceof String) {
+                    parameters.add(toAppend.getSecond());
-                        String rawExpression = ((ExprUnsafe) expr).getRawExpression();
-                        Skript.warning(
-                                String.format("Unsafe may have been used unnecessarily. Try replacing 'unsafe %1$s' with %1$s",
-                                        rawExpression));
-                    }
-                } else {
-                    parameters.add(expressionValue);
-                    sb.append('?');
-
-                    if (standaloneString) {
-                        Skript.warning("Do not surround expressions with quotes!");
-                    }
                 }
             }
         }
         return new Pair<>(sb.toString(), parameters);
     }
     
+    private Pair<String, Object> parseExpressionQuery(Expression<?> expr, Object expressionValue, boolean standaloneString) {
+        if (expr instanceof ExprUnsafe) {
+            if (standaloneString && expressionValue instanceof String) {
+                Skript.warning(
+                        String.format("Unsafe may have been used unnecessarily. Try replacing 'unsafe %1$s' with %1$s",
+                                ((ExprUnsafe) expr).getRawExpression()));
+            }
+            return new Pair<>((String) expressionValue, null);
+        } else {
+            if (standaloneString) {
+                Skript.warning("Do not surround expressions with quotes!");
+            }
+            return new Pair<>("?", expressionValue);
+        }
+    }
+
     private Object executeStatement(DataSource ds, String baseVariable, Pair<String, List<Object>> query) {
         if (ds == null) {
             return "Data source is not set";
         }
-        Map<String, Object> variableList = new HashMap<>();
+        try (Connection conn = ds.getConnection()) {
-        try (Connection conn = ds.getConnection();
+            try (PreparedStatement stmt = createStatement(conn, query)) {
-             PreparedStatement stmt = createStatement(conn, query)) {
-
                 boolean hasResultSet = stmt.execute();
 
                 if (baseVariable != null) {
+                    return processBaseVariable(baseVariable, stmt, hasResultSet);
+                }
+                return Map.of();
+            }
+        } catch (SQLException ex) {
+            return ex.getMessage();
+        }
+    }
+    
+    private Object processBaseVariable(String baseVariable, PreparedStatement stmt, boolean hasResultSet) throws SQLException {
+        Map<String, Object> variableList = new HashMap<>();
         if (isList) {
             baseVariable = baseVariable.substring(0, baseVariable.length() - 1);
         }
@@ -235,6 +244,20 @@ public class EffExecuteStatement extends Effect {
             crs.populate(stmt.getResultSet());
 
             if (isList) {
+                return fetchQueryResultSet(crs, baseVariable);
+            } else {
+                crs.last();
+                variableList.put(baseVariable, crs.getRow());
+            }
+        } else if (!isList) {
+            //if no results are returned and the specified variable isn't a list variable, put the affected rows count in the variable
+            return Map.of(baseVariable, stmt.getUpdateCount());
+        }
+        return Map.of();
+    }
+    
+    private Map<String, Object> fetchQueryResultSet(CachedRowSet crs, String baseVariable) throws SQLException {
+        Map<String, Object> variableList = new HashMap<>();
         ResultSetMetaData meta = crs.getMetaData();
         int columnCount = meta.getColumnCount();
 
@@ -244,7 +267,6 @@ public class EffExecuteStatement extends Effect {
         }
 
         int rowNumber = 1;
-                        try {
         while (crs.next()) {
             for (int i = 1; i <= columnCount; i++) {
                 variableList.put(baseVariable + meta.getColumnLabel(i).toLowerCase(Locale.ENGLISH)
@@ -252,48 +274,31 @@ public class EffExecuteStatement extends Effect {
             }
             rowNumber++;
         }
-                        } catch (SQLException ex) {
-                            return ex.getMessage();
-                        }
-                    } else {
-                        crs.last();
-                        variableList.put(baseVariable, crs.getRow());
-                    }
-                } else if (!isList) {
-                    //if no results are returned and the specified variable isn't a list variable, put the affected rows count in the variable
-                    variableList.put(baseVariable, stmt.getUpdateCount());
-                }
-            }
-        } catch (SQLException ex) {
-            return ex.getMessage();
-        }
         return variableList;
     }
 
     private PreparedStatement createStatement(Connection conn, Pair<String, List<Object>> query) throws SQLException {
         PreparedStatement stmt = conn.prepareStatement(query.getFirst());
-        List<Object> parameters = query.getSecond();
+        if (query.getSecond() != null) {
-
+            Iterator<Object> iter = query.getSecond().iterator();
-        if (parameters != null) {
+            for (int i = 1; iter.hasNext(); i++) {
-            for (int i = 0; i < parameters.size(); i++) {
+                stmt.setObject(i, iter.next());
-                stmt.setObject(i + 1, parameters.get(i));
             }
         }
 
         return stmt;
     }
     
+    private boolean isStandaloneString(Object[] objects, int index) {
+        String before = getString(objects, index - 1);
+        String after = getString(objects, index + 1);
+        return before != null && before.endsWith("'") && after != null && after.endsWith("'");
+    }
+
     private String getString(Object[] objects, int index) {
-        if (index < 0 || index >= objects.length) {
+        if (index >= 0 && index < objects.length && objects[index] instanceof String) {
-            return null;
+            return (String) objects[index];
         }
-
-        Object object = objects[index];
-
-        if (object instanceof String) {
-            return (String) object;
-        }
-
         return null;
     }
 
@@ -335,15 +340,21 @@ public class EffExecuteStatement extends Effect {
             return false;
         }
         dataSource = (Expression<HikariDataSource>) exprs[1];
-        Expression<?> expr = exprs[2];
+        if (exprs[2] != null) {
+            if (query instanceof VariableString && !((VariableString) query).isSimple()) {
+                Skript.warning("Your query string contains expresions, but you've also provided query arguments. Consider using `unsafe` keyword before your query.");
+            }
+            queryArguments = (Expression<Object>) exprs[2];
+        }
+        Expression<?> resultHolder = exprs[3];
         quickly = matchedPattern == 1;
-        if (expr instanceof Variable) {
+        if (resultHolder instanceof Variable) {
-            Variable<?> varExpr = (Variable<?>) expr;
+            Variable<?> varExpr = (Variable<?>) resultHolder;
             var = varExpr.getName();
             isLocal = varExpr.isLocal();
             isList = varExpr.isList();
-        } else if (expr != null) {
+        } else if (resultHolder != null) {
-            Skript.error(expr + " is not a variable");
+            Skript.error(resultHolder + " is not a variable");
             return false;
         }
         return true;

src/main/java/com/btk5h/skriptdb/skript/ExprDataSource.java

@@ -22,7 +22,7 @@ import java.util.Map;
  *
  * @name Data Source
  * @index -1
- * @pattern [the] data(base|[ ]source) [(of|at)] %string% [with [a] [max[imum]] [connection] life[ ]time of %timespan%]"
+ * @pattern [the] data(base|[ ]source) [(of|at)] %string% [with [a] [max[imum]] [connection] life[ ]time of %timespan%] [[(using|with)] [a] driver %-string%]"
  * @return datasource
  * @example set {sql} to the database "mysql://localhost:3306/mydatabase?user=admin&password=12345&useSSL=false"
  * @since 0.1.0
@@ -33,11 +33,12 @@ public class ExprDataSource extends SimpleExpression<HikariDataSource> {
     static {
         Skript.registerExpression(ExprDataSource.class, HikariDataSource.class,
                 ExpressionType.COMBINED, "[the] data(base|[ ]source) [(of|at)] %string% " +
-                        "[with [a] [max[imum]] [connection] life[ ]time of %-timespan%]");
+                        "[with [a] [max[imum]] [connection] life[ ]time of %-timespan%] " + "[[(using|with)] [a] driver %-string%]");
     }
 
     private Expression<String> url;
     private Expression<Timespan> maxLifetime;
+    private Expression<String> driver;
 
     @Override
     protected HikariDataSource[] get(Event e) {
@@ -55,11 +56,18 @@ public class ExprDataSource extends SimpleExpression<HikariDataSource> {
         }
 
         HikariDataSource ds = new HikariDataSource();
+        ds.setMaximumPoolSize(SkriptDB.getInstance().getConfig().getInt("thread-pool-size", 10));
 
-        //allow specifying of own sql driver class name
+        // 30 minutes by default
-        if (!SkriptDB.getInstance().getConfig().getString("sql-driver-class-name", "default").equals("default")) {
+        ds.setMaxLifetime(SkriptDB.getInstance().getConfig().getInt("max-connection-lifetime", 1800000));
+
+        // Allow specifying of own sql driver class name
+        if (driver != null && driver.getSingle(e) != null) {
+            ds.setDriverClassName(driver.getSingle(e));
+        } else if (!SkriptDB.getInstance().getConfig().getString("sql-driver-class-name", "default").equals("default")) {
             ds.setDriverClassName(SkriptDB.getInstance().getConfig().getString("sql-driver-class-name"));
         }
+
         ds.setJdbcUrl(jdbcUrl);
 
         if (maxLifetime != null) {
@@ -96,6 +104,7 @@ public class ExprDataSource extends SimpleExpression<HikariDataSource> {
                         SkriptParser.ParseResult parseResult) {
         url = (Expression<String>) exprs[0];
         maxLifetime = (Expression<Timespan>) exprs[1];
+        driver = (Expression<String>) exprs[2];
         return true;
     }
 }

src/main/resources/plugin.yml

@@ -1,5 +1,5 @@
 name: skript-db
-version: 1.3.5
+version: 1.4.0
 main: com.btk5h.skriptdb.SkriptDB
 depend: [Skript]
 authors: [btk5h, FranKusmiruk, Govindas, TPGamesNL]