[Users] avpops: new function avp_db_query()

Klaus Darilion klaus.mailinglists at pernau.at
Fri Feb 17 13:59:53 CET 2006


Hi Daniel!

cool new feature, some questions inline:

Daniel-Constantin Mierla wrote:
> Hello,
> 
> avpops module has a new function which allow to execute raw SQL queries 
> and store the result in AVPs.
> 
> avp_db_query(query, dest);
> 
> The query given as parameter can contain pseudo-variables. Using this 
> function you can benefit of full database system features, being able to 
> do joins, unions, etc. Old db-related functions are in place since they 
> are faster for their usage case.
> 
> The documentation of the of avpops module was updated and posted at:
> 
> http://openser.org/docs/modules/1.1.x/avpops.html
> 
> A small example of usage: limit the number of calls done in the last day:
> 
> if(is_method("INVITE") && !has_totag())
> {
>     if(avp_db_query("select count(*) from acc where username='$fU' and 
> domain='$fd' and method='INVITE' and timestamp>=$Ts-24*3600", 
> "$avp(i:234)"))

I guess the SQL query returns the result as string. Is the conversion to 
int done when copying into the AVP?

What happens if the query returns multiple rows? Will the AVP be defined 
multiple times?

Is it possible to retrieve multiple columns? e.g.
  avp_db_query("select user,domain from ....", "$avp(user)$avp(domain)")

Is the query SQL-injection save?

regards
klaus

>    {
>       if(avp_chech("$avp(i:234)", "ge/i:10"))
>      {
>          sl_send_reply("403", "too many calls in the last day");
>          exit();
>     }
>   }
> }
> 
> Cheers,
> Daniel
> 
> 
> _______________________________________________
> Users mailing list
> Users at openser.org
> http://openser.org/cgi-bin/mailman/listinfo/users





More information about the Users mailing list