Switch to the official Python package to connect with the server #27

@KartikSoneji

```python
def run_command(self, code, timeout=-1, async_=False):
    # Writing the cell code within a file and then sourcing it in the client
    # offers us a lot of advantages.
    # We avoid Pexpect's limitation of PC_MAX_CANON (1024) chars per line
    # and we also avoid more nasty issues like MariaDB client behaviour
    # sending continuation prompt when "\n" is received.
```

The current implementation of using the mariadb client cli has some limitations.

```python
def run_statement(self, code, timeout=-1):
```

The `run_statement` doesn't support parameter substitution, which can lead to unintentional SQL injections while adding more magics:

```python
use_csv_update_table_cmd = f"""LOAD DATA LOCAL INFILE '{self.csv_file_path}'
```

```python
f"select * from {self.table_name} limit 5;"
```

Security is not as much of an issue, but it can lead to issues with some commands, for example if the file is named `' a.csv`.
Trying to escape these edge cases in Python will lead to an imperfect re-implementation of the escaping logic like the original connector.

Ideally, the `run_statement` method should accept a list of substitution parameters like the Python connector:

```python
cur.execute("INSERT INTO test.accounts(first_name, last_name, email, amount) VALUES (?, ?, ?, ?)",
      (first_name, last_name, email, amount))
```

```python
self.prompt = re.compile(r"MariaDB \[.*\]>[ \t]")
```

Listening for the `MariaDB []` prompt causes some queries to never finish or truncate the output.
The Python connector will be more reliable as it is both officially supported and thoroughly tested.
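
An added example, not part of the original issue or the project's code: a hypothetical `run_statement` that accepts substitution parameters, run against the `' a.csv` file name mentioned above. It assumes `sqlite3` from the standard library as an offline stand-in for the MariaDB connector (both accept `?` placeholders); `quote_identifier`, `demo` and the `imports` table are names made up for the illustration.

```python
import re
import sqlite3

# Stand-in: sqlite3 (standard library) replaces the MariaDB connector so the
# example runs offline; both accept "?" placeholders in cursor.execute().
IDENTIFIER = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def quote_identifier(name):
    """Table names cannot be bound as parameters, so allowlist them instead."""
    if not IDENTIFIER.fullmatch(name):
        raise ValueError(f"refusing unsafe identifier: {name!r}")
    return f'"{name}"'  # MariaDB would use backticks here


def run_statement(conn, sql, params=()):
    """Hypothetical run_statement that takes substitution parameters."""
    cur = conn.cursor()
    cur.execute(sql, params)
    return cur.fetchall()


def demo():
    conn = sqlite3.connect(":memory:")
    table = quote_identifier("imports")
    run_statement(conn, f"CREATE TABLE {table} (path TEXT)")

    path = "' a.csv"  # constructed file name, taken from the issue text

    # String interpolation: the quote in the file name ends the literal early,
    # so the statement no longer parses.
    try:
        run_statement(conn, f"INSERT INTO {table} (path) VALUES ('{path}')")
        interpolated = "ok"
    except sqlite3.Error as exc:
        interpolated = f"failed: {exc}"

    # Parameter substitution: the value never becomes part of the SQL text.
    run_statement(conn, f"INSERT INTO {table} (path) VALUES (?)", (path,))
    stored = run_statement(conn, f"SELECT path FROM {table} LIMIT 5")
    return interpolated, stored
```

Values go through placeholders; identifiers such as the table name in the `select * from {self.table_name}` snippet cannot be bound, which is why the example validates them against a strict pattern before formatting them in.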


Labels: enhancement (New feature or request)
