@@ -160,6 +160,23 @@ changes:
160160 language features that allow ordinary SQL to deliberately corrupt the database file are disabled.
161161 The defensive flag can also be set using ` enableDefensive() ` .
162162 ** Default:** ` true ` .
163+ * ` limits ` {Object} Configuration for various SQLite limits. These limits
164+ can be used to prevent excessive resource consumption when handling
165+ potentially malicious input. See [ Run-Time Limits] [ ] and [ Limit Constants] [ ]
166+ in the SQLite documentation for details. Default values are determined by
167+ SQLite's compile-time defaults and may vary depending on how SQLite was
168+ built. The following properties are supported:
169+ * ` length ` {number} Maximum length of a string or BLOB.
170+ * ` sqlLength ` {number} Maximum length of an SQL statement.
171+ * ` column ` {number} Maximum number of columns.
172+ * ` exprDepth ` {number} Maximum depth of an expression tree.
173+ * ` compoundSelect ` {number} Maximum number of terms in a compound SELECT.
174+ * ` vdbeOp ` {number} Maximum number of VDBE instructions.
175+ * ` functionArg ` {number} Maximum number of function arguments.
176+ * ` attach ` {number} Maximum number of attached databases.
177+ * ` likePatternLength ` {number} Maximum length of a LIKE pattern.
178+ * ` variableNumber ` {number} Maximum number of SQL variables.
179+ * ` triggerDepth ` {number} Maximum trigger recursion depth.
163180
164181Constructs a new ` DatabaseSync ` instance.
165182
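Review bot: The `limits` property list gives neither units nor a valid range for any entry. `length`, `sqlLength` and `likePatternLength` do not say whether they count bytes or characters, and the text does not say what happens when a value is negative, non-integer, or larger than the compile-time maximum (does the constructor throw, or is the value clamped?). Because the option is presented as a guard against "potentially malicious input", callers need to know whether the cap they asked for is the cap in effect. Suggest adding one sentence on accepted values and the error or clamping behaviour, and stating the unit on the three length properties.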
@@ -447,6 +464,36 @@ added:
447464* Type: {boolean} Whether the database is currently within a transaction. This method
448465 is a wrapper around [ ` sqlite3_get_autocommit() ` ] [ ] .
449466
467+ ### ` database.limits `
468+
469+ <!-- YAML
470+ added: REPLACEME
471+ -->
472+
473+ * Type: {Object}
474+
475+ An object for getting and setting SQLite database limits at runtime.
476+ Each property corresponds to an SQLite limit and can be read or written.
477+
478+ ``` js
479+ const db = new DatabaseSync (' :memory:' );
480+
481+ // Read current limit
482+ console .log (db .limits .length );
483+
484+ // Set a new limit
485+ db .limits .sqlLength = 100000 ;
486+
487+ // Reset a limit to its compile-time maximum
488+ db .limits .sqlLength = Infinity ;
489+ ```
490+
491+ Available properties: ` length ` , ` sqlLength ` , ` column ` , ` exprDepth ` ,
492+ ` compoundSelect ` , ` vdbeOp ` , ` functionArg ` , ` attach ` , ` likePatternLength ` ,
493+ ` variableNumber ` , ` triggerDepth ` .
494+
495+ Setting a property to ` Infinity ` resets the limit to its compile-time maximum value.
496+
450497### ` database.open() `
451498
452499<!-- YAML
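Review bot: In the `database.limits` section, the word "resets" for `Infinity` is easy to misread as "restore the default". The text says it sets the limit to its "compile-time maximum value", whereas the constructor option describes the initial values as "compile-time defaults", so assigning `Infinity` may loosen a limit rather than return it to where it started. Suggest saying outright that `Infinity` raises the limit to the highest value the build allows, and documenting how to get back to the initial value (for example by reading and saving it first). The section also omits what a write of an invalid value (negative, `NaN`, non-integer) does, and whether access on a closed database throws. The property list duplicates the one in the constructor option; a cross-reference would keep the two from drifting.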
@@ -1472,6 +1519,8 @@ callback function to indicate what type of operation is being authorized.
14721519[ Changesets and Patchsets ] : https://www.sqlite.org/sessionintro.html#changesets_and_patchsets
14731520[ Constants Passed To The Conflict Handler ] : https://www.sqlite.org/session/c_changeset_conflict.html
14741521[ Constants Returned From The Conflict Handler ] : https://www.sqlite.org/session/c_changeset_abort.html
1522+ [ Limit Constants ] : https://www.sqlite.org/c3ref/c_limit_attached.html
1523+ [ Run-Time Limits ] : https://www.sqlite.org/c3ref/limit.html
14751524[ SQL injection ] : https://en.wikipedia.org/wiki/SQL_injection
14761525[ Type conversion between JavaScript and SQLite ] : #type-conversion-between-javascript-and-sqlite
14771526[ `ATTACH DATABASE` ] : https://www.sqlite.org/lang_attach.html
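Review bot: The two new link definitions, `[Run-Time Limits]` and `[Limit Constants]`, are referenced in the visible hunks only from the constructor's `limits` option text. The new `database.limits` section does not link to either, so a reader who lands there has no pointer to the SQLite pages that define what each limit means. Suggest adding the same two references to that section.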