{"html_url": "https://github.com/simonw/datasette/issues/1185#issuecomment-759069342", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/1185", "id": 759069342, "node_id": "MDEyOklzc3VlQ29tbWVudDc1OTA2OTM0Mg==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2021-01-12T22:13:18Z", "updated_at": "2021-01-12T22:13:18Z", "author_association": "OWNER", "body": "I'm going to change the error message to list the allowed pragmas.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 784628163, "label": "\"Statement may not contain PRAGMA\" error is not strictly true"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/1185#issuecomment-759067427", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/1185", "id": 759067427, "node_id": "MDEyOklzc3VlQ29tbWVudDc1OTA2NzQyNw==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2021-01-12T22:09:21Z", "updated_at": "2021-01-12T22:09:21Z", "author_association": "OWNER", "body": "That allow-list was added in #761 but is not currently documented. It's here in the code:\r\n\r\nhttps://github.com/simonw/datasette/blob/8e8fc5cee5c78da8334495c6d6257d5612c40792/datasette/utils/__init__.py#L173-L186", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 784628163, "label": "\"Statement may not contain PRAGMA\" error is not strictly true"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/1185#issuecomment-759066777", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/1185", "id": 759066777, "node_id": "MDEyOklzc3VlQ29tbWVudDc1OTA2Njc3Nw==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2021-01-12T22:07:58Z", "updated_at": "2021-01-12T22:07:58Z", "author_association": "OWNER", "body": "https://docs.datasette.io/en/stable/sql_queries.html?highlight=pragma#named-parameters documentation is out-of-date as well:\r\n\r\n> Datasette disallows custom SQL containing the string PRAGMA, as SQLite pragma statements can be used to change database settings at runtime. If you need to include the string \"pragma\" in a query you can do so safely using a named parameter.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 784628163, "label": "\"Statement may not contain PRAGMA\" error is not strictly true"}, "performed_via_github_app": null}