@@ -163,6 +163,23 @@ changes:
163163 language features that allow ordinary SQL to deliberately corrupt the database file are disabled.
164164 The defensive flag can also be set using ` enableDefensive() ` .
165165 ** Default:** ` true ` .
166+ * ` limits ` {Object} Configuration for various SQLite limits. These limits
167+ can be used to prevent excessive resource consumption when handling
168+ potentially malicious input. See [ Run-Time Limits] [ ] and [ Limit Constants] [ ]
169+ in the SQLite documentation for details. Default values are determined by
170+ SQLite's compile-time defaults and may vary depending on how SQLite was
171+ built. The following properties are supported:
172+ * ` length ` {number} Maximum length of a string or BLOB.
173+ * ` sqlLength ` {number} Maximum length of an SQL statement.
174+ * ` column ` {number} Maximum number of columns.
175+ * ` exprDepth ` {number} Maximum depth of an expression tree.
176+ * ` compoundSelect ` {number} Maximum number of terms in a compound SELECT.
177+ * ` vdbeOp ` {number} Maximum number of VDBE instructions.
178+ * ` functionArg ` {number} Maximum number of function arguments.
179+ * ` attach ` {number} Maximum number of attached databases.
180+ * ` likePatternLength ` {number} Maximum length of a LIKE pattern.
181+ * ` variableNumber ` {number} Maximum number of SQL variables.
182+ * ` triggerDepth ` {number} Maximum trigger recursion depth.
166183
167184Constructs a new ` DatabaseSync ` instance.
168185
@@ -451,6 +468,36 @@ added:
451468* Type: {boolean} Whether the database is currently within a transaction. This method
452469 is a wrapper around [ ` sqlite3_get_autocommit() ` ] [ ] .
453470
471+ ### ` database.limits `
472+
473+ <!-- YAML
474+ added: REPLACEME
475+ -->
476+
477+ * Type: {Object}
478+
479+ An object for getting and setting SQLite database limits at runtime.
480+ Each property corresponds to an SQLite limit and can be read or written.
481+
482+ ``` js
483+ const db = new DatabaseSync (' :memory:'
484+
485+ // Read current limit
486+ console .log (db .limits .length );
487+
488+ // Set a new limit
489+ db .limits .sqlLength = 100000 ;
490+
491+ // Reset a limit to its compile-time maximum
492+ db .limits .sqlLength = Infinity ;
493+ ```
494+
495+ Available properties: ` length ` , ` sqlLength ` , ` column ` , ` exprDepth ` ,
496+ ` compoundSelect ` , ` vdbeOp ` , ` functionArg ` , ` attach ` , ` likePatternLength ` ,
497+ ` variableNumber ` , ` triggerDepth ` .
498+
499+ Setting a property to ` Infinity ` resets the limit to its compile-time maximum value.
500+
454501### ` database.open() `
455502
456503<!-- YAML
@@ -1478,6 +1525,8 @@ callback function to indicate what type of operation is being authorized.
14781525[ Changesets and Patchsets ] : https://www.sqlite.org/sessionintro.html#changesets_and_patchsets
14791526[ Constants Passed To The Conflict Handler ] : https://www.sqlite.org/session/c_changeset_conflict.html
14801527[ Constants Returned From The Conflict Handler ] : https://www.sqlite.org/session/c_changeset_abort.html
1528+ [ Limit Constants ] : https://www.sqlite.org/c3ref/c_limit_attached.html
1529+ [ Run-Time Limits ] : https://www.sqlite.org/c3ref/limit.html
14811530[ SQL injection ] : https://en.wikipedia.org/wiki/SQL_injection
14821531[ Type conversion between JavaScript and SQLite ] : #type-conversion-between-javascript-and-sqlite
14831532[ `ATTACH DATABASE` ] : https://www.sqlite.org/lang_attach.html
0 commit comments