Fix: remove escapeValue in favor of SQL placeholder

[ysjprojects]

Original:

export const escapeValue = (value: any) => {
  if (value === undefined) return null;
  if (typeof value === 'string') return `$tag$${value}$tag$`;
  if (value instanceof Uint8Array) {
    // TODO: Handle Uint8Array without converting to string
    const base64Value = Buffer.from(value).toString('base64');
    return `from_base64('${base64Value}')`;
  }

  return value;
};

• Implemented SQL placeholders method, removing the need to escape values altogether.
• Also added further sanitization to map NaN and Infinity values to null.

[frascuchon]

Thanks for this contribution, @ysjprojects.

I've run your changes locally, but I'm falling into some errors when generating new cells.

[Error: Binder Error: Prepared statement requires database  but it was not attached]

After this, the server crashes.

Not sure of the exact reason. Reading the docs, I see other ways to parameterize the queries.

[ysjprojects]

Thanks for this contribution, @ysjprojects.

I've run your changes locally, but I'm falling into some errors when generating new cells.

[Error: Binder Error: Prepared statement requires database  but it was not attached]

After this, the server crashes.

Not sure of the exact reason. Reading the docs, I see other ways to parameterize the queries.

I reckon the previous placeholder syntax is not supported in Node.js, I have changed it based on the doc

[frascuchon]

I've tested the latest changes, and I'm still having similar errors:

[Error: Binder Error: Parameter/argument count mismatch for prepared statement. Expected 1, got 0]
8:38:12 [vite] Internal server error: Binder Error: Parameter/argument count mismatch for prepared statement. Expected 1, got 0

[ysjprojects]

I've tested the latest changes, and I'm still having similar errors:

[Error: Binder Error: Parameter/argument count mismatch for prepared statement. Expected 1, got 0]
8:38:12 [vite] Internal server error: Binder Error: Parameter/argument count mismatch for prepared statement. Expected 1, got 0

Turned out the previous DuckDB Node API version was outdated and didn't support parameterization, after upgrading to the latest version the errors are resolved.

While running the vitest script there was another error which can be attributed to the fact that creating a new table initializes 1000 rows by default. In order to pass the assertions in the test, the new table has to be emptied after creation in the test script (also resolved).

[frascuchon]

Thanks! Now this error is gone, but when I try to generate some images, I get another error:

10:37:33 [vite] Internal server error: Cannot create values of type ANY. Specify a specific type.
  File: /Users/frascuchon/Projects/huggingface/sheets/src/services/repository/tables/insert-column-values.ts:32:9
  30 |        if (result.rowCount > 0) {
  31 |          // Update existing row
  32 |          await db.run(
     |           ^
  33 |            `
  34 |            UPDATE ${tableName} SET ${columnName} = ? WHERE rowIdx = ${idx};

And the application crashes.

(I tried to generate the provided "Isometric images of cities" example)

[ysjprojects]

@frascuchon made some changes, apparently you need to wrap duckdb.blobValue around Uint8Array before passing it to a prepared statement placeholder.

Also added a test case to confirm that Uint8Array is successfully parameterized as BLOB

[frascuchon]

Everything is working fine now.

Thanks @ysjprojects for your contribution.