[Asterisk-Dev] Database App

[Holger Schurig]

> My goal is to be able to run a simple query on a database that could
> return a value in an ${var} variable, or even the number or rows that
> were returned in the query in a ${var}.  There are a couple of things
> in Asterisk I would like to accomplish, without having to fork an AGI
> application, that involved getting/checking data in a database.

You have an idea what bkw_ and I yesterday talked over on IRC.


Basically bkw_ talked about res_sqlite (see 
http://www.voip-info.org/tiki-index.php?page=Asterisk+addons) as a 
default SQL implementation for Asterisk. If wanted, SQLite can even be 
incorporated into Asterisk because it's "public domain". But, of course, 
it can also be used as a normal library.

The other SQL methods (ODBC, PostgreSQL) would still exist if a user has 
different needs.


Now, once there is SQL inside every Asterisk, we can start to use this 
infrastructure. The first and obvious usage are Applications that use SQL 
for data storage & retrieval in dialplans, like the one you described 
above.



However, res_sqlite as it stands now is not ready for integration:

a) it is not standard C code, e.g. they define variables in the middle of 
C blocks.
b) it uses sqlite_printf to create queries, but with %s and not with %q 
which would do proper quoting. Therefore insertion attacks are possible
c) it's source-code in a non-Asterisk-way formatted
d) it contains sql commends for the command line of Asterisk, e.g. you can 
do "select * from cdr where dst='1234';". This sounds fine on the first 
sight, but there is the sqlite binary which does this better and IF there 
should be some select command in the CLI, then this sql interface should 
work with SQLite, ODBC, PostgreSQL etc in a transparent manner.