@@ -156,6 +156,23 @@ changes:
156156 language features that allow ordinary SQL to deliberately corrupt the database file are disabled.
157157 The defensive flag can also be set using ` enableDefensive() ` .
158158 ** Default:** ` true ` .
159+ * ` limits ` {Object} Configuration for various SQLite limits. These limits
160+ can be used to prevent excessive resource consumption when handling
161+ potentially malicious input. See [ Run-Time Limits] [ ] and [ Limit Constants] [ ]
162+ in the SQLite documentation for details. Default values are determined by
163+ SQLite's compile-time defaults and may vary depending on how SQLite was
164+ built. The following properties are supported:
165+ * ` length ` {number} Maximum length of a string or BLOB.
166+ * ` sqlLength ` {number} Maximum length of an SQL statement.
167+ * ` column ` {number} Maximum number of columns.
168+ * ` exprDepth ` {number} Maximum depth of an expression tree.
169+ * ` compoundSelect ` {number} Maximum number of terms in a compound SELECT.
170+ * ` vdbeOp ` {number} Maximum number of VDBE instructions.
171+ * ` functionArg ` {number} Maximum number of function arguments.
172+ * ` attach ` {number} Maximum number of attached databases.
173+ * ` likePatternLength ` {number} Maximum length of a LIKE pattern.
174+ * ` variableNumber ` {number} Maximum number of SQL variables.
175+ * ` triggerDepth ` {number} Maximum trigger recursion depth.
159176
160177Constructs a new ` DatabaseSync ` instance.
161178
@@ -437,6 +454,36 @@ added: v24.0.0
437454* Type: {boolean} Whether the database is currently within a transaction. This method
438455 is a wrapper around [ ` sqlite3_get_autocommit() ` ] [ ] .
439456
457+ ### ` database.limits `
458+
459+ <!-- YAML
460+ added: REPLACEME
461+ -->
462+
463+ * Type: {Object}
464+
465+ An object for getting and setting SQLite database limits at runtime.
466+ Each property corresponds to an SQLite limit and can be read or written.
467+
468+ ``` js
469+ const db = new DatabaseSync (' :memory:'
470+
471+ // Read current limit
472+ console .log (db .limits .length );
473+
474+ // Set a new limit
475+ db .limits .sqlLength = 100000 ;
476+
477+ // Reset a limit to its compile-time maximum
478+ db .limits .sqlLength = Infinity ;
479+ ```
480+
481+ Available properties: ` length ` , ` sqlLength ` , ` column ` , ` exprDepth ` ,
482+ ` compoundSelect ` , ` vdbeOp ` , ` functionArg ` , ` attach ` , ` likePatternLength ` ,
483+ ` variableNumber ` , ` triggerDepth ` .
484+
485+ Setting a property to ` Infinity ` resets the limit to its compile-time maximum value.
486+
440487### ` database.open() `
441488
442489<!-- YAML
@@ -1456,6 +1503,8 @@ callback function to indicate what type of operation is being authorized.
14561503[ Changesets and Patchsets ] : https://www.sqlite.org/sessionintro.html#changesets_and_patchsets
14571504[ Constants Passed To The Conflict Handler ] : https://www.sqlite.org/session/c_changeset_conflict.html
14581505[ Constants Returned From The Conflict Handler ] : https://www.sqlite.org/session/c_changeset_abort.html
1506+ [ Limit Constants ] : https://www.sqlite.org/c3ref/c_limit_attached.html
1507+ [ Run-Time Limits ] : https://www.sqlite.org/c3ref/limit.html
14591508[ SQL injection ] : https://en.wikipedia.org/wiki/SQL_injection
14601509[ Type conversion between JavaScript and SQLite ] : #type-conversion-between-javascript-and-sqlite
14611510[ `ATTACH DATABASE` ] : https://www.sqlite.org/lang_attach.html
0 commit comments