Merge branch 'r-0.7-13' into production

Author: krlmlr

.Rbuildignore

@@ -23,3 +23,5 @@ inst\/doc\/DBI\.b..$
 ^scripts$
 ^tic\.R$
 ^_pkgdown\.yml$
+^revdep/
+^API$

API

@@ -0,0 +1,66 @@
+# API for DBI package
+
+## Exported functions
+
+ANSI()
+SQL(x)
+SQLKeywords(dbObj, ...)
+dbBegin(conn, ...)
+dbBind(res, params, ...)
+dbBreak()
+dbCallProc(conn, ...)
+dbClearResult(res, ...)
+dbColumnInfo(res, ...)
+dbCommit(conn, ...)
+dbConnect(drv, ...)
+dbDataType(dbObj, obj, ...)
+dbDisconnect(conn, ...)
+dbDriver(drvName, ...)
+dbExecute(conn, statement, ...)
+dbExistsTable(conn, name, ...)
+dbFetch(res, n = -1, ...)
+dbGetDBIVersion()
+dbGetException(conn, ...)
+dbGetInfo(dbObj, ...)
+dbGetQuery(conn, statement, ...)
+dbGetRowCount(res, ...)
+dbGetRowsAffected(res, ...)
+dbGetStatement(res, ...)
+dbHasCompleted(res, ...)
+dbIsValid(dbObj, ...)
+dbListConnections(drv, ...)
+dbListFields(conn, name, ...)
+dbListResults(conn, ...)
+dbListTables(conn, ...)
+dbQuoteIdentifier(conn, x, ...)
+dbQuoteLiteral(conn, x, ...)
+dbQuoteString(conn, x, ...)
+dbReadTable(conn, name, ...)
+dbRemoveTable(conn, name, ...)
+dbRollback(conn, ...)
+dbSendQuery(conn, statement, ...)
+dbSendStatement(conn, statement, ...)
+dbSetDataMappings(res, flds, ...)
+dbUnloadDriver(drv, ...)
+dbWithTransaction(conn, code, ...)
+dbWriteTable(conn, name, value, ...)
+fetch(res, n = -1, ...)
+isSQLKeyword(dbObj, name, keywords = .SQL92Keywords, case = c("lower", "upper", "any")[3], ...)
+isSQLKeyword.default(name, keywords = .SQL92Keywords, case = c("lower", "upper", "any")[3])
+make.db.names(dbObj, snames, keywords = .SQL92Keywords, unique = TRUE, allow.keywords = TRUE, ...)
+make.db.names.default(snames, keywords = .SQL92Keywords, unique = TRUE, allow.keywords = TRUE)
+sqlAppendTable(con, table, values, row.names = NA, ...)
+sqlAppendTableTemplate(con, table, values, row.names = NA, prefix = "?", ...)
+sqlColumnToRownames(df, row.names = NA)
+sqlCommentSpec(start, end, endRequired)
+sqlCreateTable(con, table, fields, row.names = NA, temporary = FALSE, ...)
+sqlData(con, value, row.names = NA, ...)
+sqlInterpolate(conn, sql, ..., .dots = list())
+sqlParseVariables(conn, sql, ...)
+sqlParseVariablesImpl(sql, quotes, comments)
+sqlQuoteSpec(start, end, escape, doubleEscape = TRUE)
+sqlRownamesToColumn(df, row.names = NA)
+
+## Exported data
+
+.SQL92Keywords: character (character[220])

DESCRIPTION

@@ -1,6 +1,6 @@
 Package: DBI
-Version: 0.7-12
-Date: 2017-08-10
+Version: 0.7-13
+Date: 2017-11-27
 Title: R Database Interface
 Description: A database interface definition for communication
     between R and relational database management systems.  All
@@ -27,9 +27,9 @@ Suggests:
     xml2
 Encoding: UTF-8
 License: LGPL (>= 2)
-URL: http://rstats-db.github.io/DBI
-URLNote: https://github.com/rstats-db/DBI
-BugReports: https://github.com/rstats-db/DBI/issues
+URL: http://r-dbi.github.io/DBI
+URLNote: https://github.com/r-dbi/DBI
+BugReports: https://github.com/r-dbi/DBI/issues
 Collate: 
     'DBObject.R'
     'DBDriver.R'
@@ -48,7 +48,6 @@ Collate:
     'table-insert.R'
     'table.R'
     'transactions.R'
-    'util.R'
 VignetteBuilder: knitr
-Roxygen: list(markdown = TRUE)
+Roxygen: list(markdown = TRUE, roclets = c("collate", "namespace", "rd", "pkgapi::api_roclet"))
 RoxygenNote: 6.0.1

NAMESPACE

@@ -32,6 +32,7 @@ export(dbListFields)
 export(dbListResults)
 export(dbListTables)
 export(dbQuoteIdentifier)
+export(dbQuoteLiteral)
 export(dbQuoteString)
 export(dbReadTable)
 export(dbRemoveTable)
@@ -47,7 +48,6 @@ export(isSQLKeyword)
 export(isSQLKeyword.default)
 export(make.db.names)
 export(make.db.names.default)
-export(print.list.pairs)
 export(sqlAppendTable)
 export(sqlAppendTableTemplate)
 export(sqlColumnToRownames)
@@ -70,6 +70,7 @@ exportMethods(dbFetch)
 exportMethods(dbGetQuery)
 exportMethods(dbListFields)
 exportMethods(dbQuoteIdentifier)
+exportMethods(dbQuoteLiteral)
 exportMethods(dbQuoteString)
 exportMethods(dbReadTable)
 exportMethods(dbSendStatement)

NEWS.md

@@ -1,3 +1,14 @@
+## DBI 0.7-13 (2017-11-27)
+
+- The deprecated `print.list.pairs()` has been removed.
+- Fix `dbDataType()` for `AsIs` object (#198, @yutannihilation).
+- Point to db.rstudio.com (@wibeasley, #209).
+- Reflect new 'r-dbi' organization in `DESCRIPTION` (@wibeasley, #207).
+- Using switchpatch on the second argument for default implementations of `dbQuoteString()` and `dbQuoteIdentifier()`.
+- New `dbQuoteLiteral()` generic. The default implementation uses switchpatch to avoid dispatch ambiguities, and forwards to `dbQuoteString()` for character vectors. Backends may override methods that also dispatch on the second argument, but in this case also an override for the `"SQL"` class is necessary (#172).
+- Fix `dbQuoteString()` and `dbQuoteIdentifier()` to ignore invalid UTF-8 strings (r-dbi/DBItest#156).
+
+
 ## DBI 0.7-12 (2017-08-10)
 
 - Add default implementation of `dbListFields()`.

R/data-types.R

@@ -23,7 +23,8 @@ check_raw_list <- function(x) {
 }
 
 as_is_data_type <- function(x) {
-  dbiDataType(unclass(x))
+  oldClass(x) <- oldClass(x)[-1]
+  dbiDataType(x)
 }
 
 setOldClass("difftime")

R/quote.R

@@ -90,12 +90,19 @@ setGeneric("dbQuoteIdentifier",
 
 #' @rdname hidden_aliases
 #' @export
-setMethod("dbQuoteIdentifier", c("DBIConnection", "character"),
+setMethod("dbQuoteIdentifier", "DBIConnection",
   function(conn, x, ...) {
+    if (is(x, "SQL")) return(x)
+    if (is(x, "Table")) {
+      return(SQL(paste0(dbQuoteIdentifier(conn, x@name), collapse = ".")))
+    }
+    if (!is.character(x)) stop("x must be character or SQL", call. = FALSE)
+
     if (any(is.na(x))) {
       stop("Cannot pass NA to dbQuoteIdentifier()", call. = FALSE)
     }
-    x <- gsub('"', '""', x, fixed = TRUE)
+    # Avoid fixed = TRUE due to https://github.com/r-dbi/DBItest/issues/156
+    x <- gsub('"', '""', enc2utf8(x))
     if (length(x) == 0L) {
       SQL(character())
     } else {
@@ -105,14 +112,6 @@ setMethod("dbQuoteIdentifier", c("DBIConnection", "character"),
   }
 )
 
-#' @rdname hidden_aliases
-#' @export
-setMethod("dbQuoteIdentifier", c("DBIConnection", "SQL"),
-  function(conn, x, ...) {
-    x
-  }
-)
-
 #' Quote literal strings
 #'
 #' Call this method to generate a string that is suitable for
@@ -150,9 +149,13 @@ setGeneric("dbQuoteString",
 
 #' @rdname hidden_aliases
 #' @export
-setMethod("dbQuoteString", c("DBIConnection", "character"),
+setMethod("dbQuoteString", "DBIConnection",
   function(conn, x, ...) {
-    x <- gsub("'", "''", x, fixed = TRUE)
+    if (is(x, "SQL")) return(x)
+    if (!is.character(x)) stop("x must be character or SQL", call. = FALSE)
+
+    # Avoid fixed = TRUE due to https://github.com/r-dbi/DBItest/issues/156
+    x <- gsub("'", "''", enc2utf8(x))
 
     if (length(x) == 0L) {
       SQL(character())
@@ -166,10 +169,77 @@ setMethod("dbQuoteString", c("DBIConnection", "character"),
   }
 )
 
+#' Quote literal values
+#'
+#' @description
+#' Call these methods to generate a string that is suitable for
+#' use in a query as a literal value of the correct type, to make sure that you
+#' generate valid SQL and avoid SQL injection.
+#'
+#' @inheritParams dbQuoteString
+#' @param x A vector to quote as string.
+#'
+#' @inherit DBItest::spec_sql_quote_literal return
+#' @inheritSection DBItest::spec_sql_quote_literal Specification
+#'
+#' @family DBIResult generics
+#' @export
+#' @examples
+#' # Quoting ensures that arbitrary input is safe for use in a query
+#' name <- "Robert'); DROP TABLE Students;--"
+#' dbQuoteLiteral(ANSI(), name)
+#'
+#' # NAs become NULL
+#' dbQuoteLiteral(ANSI(), c(1:3, NA))
+#'
+#' # Logicals become integers by default
+#' dbQuoteLiteral(ANSI(), c(TRUE, FALSE, NA))
+#'
+#' # Raw vectors become hex strings by default
+#' dbQuoteLiteral(ANSI(), list(as.raw(1:3), NULL))
+#'
+#' # SQL vectors are always passed through as is
+#' var_name <- SQL("select")
+#' var_name
+#' dbQuoteLiteral(ANSI(), var_name)
+#'
+#' # This mechanism is used to prevent double escaping
+#' dbQuoteLiteral(ANSI(), dbQuoteLiteral(ANSI(), name))
+setGeneric("dbQuoteLiteral",
+  def = function(conn, x, ...) standardGeneric("dbQuoteLiteral")
+)
+
+
+
 #' @rdname hidden_aliases
 #' @export
-setMethod("dbQuoteString", c("DBIConnection", "SQL"),
+setMethod("dbQuoteLiteral", "DBIConnection",
   function(conn, x, ...) {
-    x
+    # Switchpatching to avoid ambiguous S4 dispatch, so that our method
+    # is used only if no alternatives are available.
+
+    if (is(x, "SQL")) return(x)
+
+    if (is.character(x)) return(dbQuoteString(conn, x))
+
+    if (is.list(x)) {
+      blob_data <- vapply(
+        x,
+        function(x) {
+          if (is.null(x)) "NULL"
+          else if (is.raw(x)) paste0("X'", paste(format(x), collapse = ""), "'")
+          else {
+            stop("Lists must contain raw vectors or NULL", call. = FALSE)
+          }
+        },
+        character(1)
+      )
+      return(SQL(blob_data))
+    }
+
+    if (is.logical(x)) x <- as.numeric(x)
+    x <- as.character(x)
+    x[is.na(x)] <- "NULL"
+    SQL(x)
   }
 )

R/table.R

@@ -11,15 +11,6 @@ Table <- function(...) {
   new("Table", name = c(...))
 }
 
-#' @rdname hidden_aliases
-#' @param conn,x Connection and Table used when escaping.
-#' @export
-setMethod("dbQuoteIdentifier", c("DBIConnection", "Table"),
-  function(conn, x, ...) {
-    SQL(paste0(dbQuoteIdentifier(conn, x@name), collapse = "."))
-  }
-)
-
 #' @rdname hidden_aliases
 #' @param object Table object to print
 #' @export

R/util.R

@@ -1,6 +1,6 @@
 # DBI
 
-[![Build Status](https://travis-ci.org/rstats-db/DBI.png?branch=master)](https://travis-ci.org/rstats-db/DBI) [![Coverage Status](https://codecov.io/gh/rstats-db/DBI/branch/master/graph/badge.svg)](https://codecov.io/github/rstats-db/DBI?branch=master) [![CRAN_Status_Badge](http://www.r-pkg.org/badges/version/DBI)](https://cran.r-project.org/package=DBI)
+[![Build Status](https://travis-ci.org/r-dbi/DBI.png?branch=master)](https://travis-ci.org/r-dbi/DBI) [![Coverage Status](https://codecov.io/gh/r-dbi/DBI/branch/master/graph/badge.svg)](https://codecov.io/github/r-dbi/DBI?branch=master) [![CRAN_Status_Badge](http://www.r-pkg.org/badges/version/DBI)](https://cran.r-project.org/package=DBI)
 
 The DBI package defines a common interface between the R and database management systems (DBMS).  The interface defines a small set of classes and methods similar in spirit to Perl's [DBI](http://dbi.perl.org/), Java's [JDBC](http://www.oracle.com/technetwork/java/javase/jdbc/index.html), Python's [DB-API](http://www.python.org/dev/peps/pep-0249/), and Microsoft's [ODBC](http://en.wikipedia.org/wiki/ODBC). It defines a set of classes and methods defines what operations are possible and how they are performed:
 
@@ -46,9 +46,9 @@ dbDisconnect(con)
 To install DBI:
 
 * Get the released version from CRAN: `install.packages("DBI")`
-* Get the development version from github: `devtools::install_github("rstats-db/DBI")`
+* Get the development version from github: `devtools::install_github("r-dbi/DBI")`
 
-Discussions associated with DBI and related database packages take place on [R-SIG-DB](https://stat.ethz.ch/mailman/listinfo/r-sig-db).
+Discussions associated with DBI and related database packages take place on [R-SIG-DB](https://stat.ethz.ch/mailman/listinfo/r-sig-db).  The website [Databases using R](http://db.rstudio.com/) describes the tools and best practices in this ecosystem.
 
 ## Class structure