Skip to content

Give destructive warning on multi-table UPDATEs #1519

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
rolandwalker merged 1 commit into from
Feb 9, 2026
+26 −1
Merged

Give destructive warning on multi-table UPDATEs #1519

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions changelog.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ Features
Bug Fixes
--------
* Correct mangled schema info sent in LLM prompts.
* Give destructive warning on multi-table `UPDATE`s.


1.50.0 (2026/02/07)
Expand Down
21 changes: 20 additions & 1 deletion mycli/packages/parseutils.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -275,14 +275,33 @@ def query_has_where_clause(query: str) -> bool:
return any(isinstance(token, sqlparse.sql.Where) for token_list in sqlparse.parse(query) for token in token_list)


# todo: handle "UPDATE LOW_PRIORITY" and "UPDATE IGNORE"
def query_is_single_table_update(query: str) -> bool:
"""Check if a query is a simple single-table UPDATE."""
cleaned_query = sqlparse.format(query, strip_comments=True)
if not cleaned_query:
return False
parsed = sqlparse.parse(cleaned_query)
if not parsed:
return False
statement = parsed[0]
return (
statement[0].value.lower() == 'update'
and statement[1].is_whitespace
and ',' not in statement[2].value # multiple tables
and statement[3].is_whitespace
and statement[4].value.lower() == 'set'
)


def is_destructive(keywords: list[str], queries: str) -> bool:
"""Returns True if any of the queries in *queries* is destructive."""
for query in sqlparse.split(queries):
if not query:
continue
# subtle: if "UPDATE" is one of our keywords AND "query" starts with "UPDATE"
if query_starts_with(query, keywords) and query_starts_with(query, ["update"]):
if query_has_where_clause(query):
if query_has_where_clause(query) and query_is_single_table_update(query):
return False
else:
return True
Expand Down
5 changes: 5 additions & 0 deletions test/test_parseutils.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -157,6 +157,11 @@ def test_is_destructive_update_with_where_clause():
assert is_destructive(["update"], sql) is False


def test_is_destructive_update_multiple_tables_with_where_clause():
sql = "use test;\nshow databases;\nUPDATE test, foo SET x = 1 WHERE id = 1;"
assert is_destructive(["update"], sql) is True


def test_is_destructive_update_without_where_clause():
sql = "use test;\nshow databases;\nUPDATE test SET x = 1;"
assert is_destructive(["update"], sql) is True
Expand Down