summaryrefslogtreecommitdiffstats
path: root/www/c3ref/c_deterministic.html
blob: 5e31f3480878df21deb9f8cc8a23fd345844b0c4 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
<!DOCTYPE html>
<html><head>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<link href="../sqlite.css" rel="stylesheet">
<title>Function Flags</title>
<!-- path=../ -->
</head>
<body>
<div class=nosearch>
<a href="../index.html">
<img class="logo" src="../images/sqlite370_banner.gif" alt="SQLite" border="0">
</a>
<div><!-- IE hack to prevent disappearing logo --></div>
<div class="tagline desktoponly">
Small. Fast. Reliable.<br>Choose any three.
</div>
<div class="menu mainmenu">
<ul>
<li><a href="../index.html">Home</a>
<li class='mobileonly'><a href="javascript:void(0)" onclick='toggle_div("submenu")'>Menu</a>
<li class='wideonly'><a href='../about.html'>About</a>
<li class='desktoponly'><a href="../docs.html">Documentation</a>
<li class='desktoponly'><a href="../download.html">Download</a>
<li class='wideonly'><a href='../copyright.html'>License</a>
<li class='desktoponly'><a href="../support.html">Support</a>
<li class='desktoponly'><a href="../prosupport.html">Purchase</a>
<li class='search' id='search_menubutton'>
<a href="javascript:void(0)" onclick='toggle_search()'>Search</a>
</ul>
</div>
<div class="menu submenu" id="submenu">
<ul>
<li><a href='../about.html'>About</a>
<li><a href='../docs.html'>Documentation</a>
<li><a href='../download.html'>Download</a>
<li><a href='../support.html'>Support</a>
<li><a href='../prosupport.html'>Purchase</a>
</ul>
</div>
<div class="searchmenu" id="searchmenu">
<form method="GET" action="../search">
<select name="s" id="searchtype">
<option value="d">Search Documentation</option>
<option value="c">Search Changelog</option>
</select>
<input type="text" name="q" id="searchbox" value="">
<input type="submit" value="Go">
</form>
</div>
</div>
<script>
function toggle_div(nm) {
var w = document.getElementById(nm);
if( w.style.display=="block" ){
w.style.display = "none";
}else{
w.style.display = "block";
}
}
function toggle_search() {
var w = document.getElementById("searchmenu");
if( w.style.display=="block" ){
w.style.display = "none";
} else {
w.style.display = "block";
setTimeout(function(){
document.getElementById("searchbox").focus()
}, 30);
}
}
function div_off(nm){document.getElementById(nm).style.display="none";}
window.onbeforeunload = function(e){div_off("submenu");}
/* Disable the Search feature if we are not operating from CGI, since */
/* Search is accomplished using CGI and will not work without it. */
if( !location.origin || !location.origin.match || !location.origin.match(/http/) ){
document.getElementById("search_menubutton").style.display = "none";
}
/* Used by the Hide/Show button beside syntax diagrams, to toggle the */
function hideorshow(btn,obj){
var x = document.getElementById(obj);
var b = document.getElementById(btn);
if( x.style.display!='none' ){
x.style.display = 'none';
b.innerHTML='show';
}else{
x.style.display = '';
b.innerHTML='hide';
}
return false;
}
var antiRobot = 0;
function antiRobotGo(){
if( antiRobot!=3 ) return;
antiRobot = 7;
var j = document.getElementById("mtimelink");
if(j && j.hasAttribute("data-href")) j.href=j.getAttribute("data-href");
}
function antiRobotDefense(){
document.body.onmousedown=function(){
antiRobot |= 2;
antiRobotGo();
document.body.onmousedown=null;
}
document.body.onmousemove=function(){
antiRobot |= 2;
antiRobotGo();
document.body.onmousemove=null;
}
setTimeout(function(){
antiRobot |= 1;
antiRobotGo();
}, 100)
antiRobotGo();
}
antiRobotDefense();
</script>
<!-- keywords: SQLITE_DETERMINISTIC SQLITE_DIRECTONLY SQLITE_INNOCUOUS SQLITE_RESULT_SUBTYPE SQLITE_SUBTYPE -->
<div class=nosearch>
<a href="../c3ref/intro.html"><h2>SQLite C Interface</h2></a>
<h2>Function Flags</h2>
</div>
<blockquote><pre>
#define SQLITE_DETERMINISTIC    0x000000800
#define SQLITE_DIRECTONLY       0x000080000
#define SQLITE_SUBTYPE          0x000100000
#define SQLITE_INNOCUOUS        0x000200000
#define SQLITE_RESULT_SUBTYPE   0x001000000
</pre></blockquote>
<p>
These constants may be ORed together with the
<a href="../c3ref/c_any.html">preferred text encoding</a> as the fourth argument
to <a href="../c3ref/create_function.html">sqlite3_create_function()</a>, <a href="../c3ref/create_function.html">sqlite3_create_function16()</a>, or
<a href="../c3ref/create_function.html">sqlite3_create_function_v2()</a>.</p>

<p><dl>
<a name="sqlitedeterministic"></a>
 <dt>SQLITE_DETERMINISTIC</dt><dd>
The SQLITE_DETERMINISTIC flag means that the new function always gives
the same output when the input parameters are the same.
The <a href="../lang_corefunc.html#abs">abs() function</a> is deterministic, for example, but
<a href="../lang_corefunc.html#randomblob">randomblob()</a> is not.  Functions must
be deterministic in order to be used in certain contexts such as
with the WHERE clause of <a href="../partialindex.html">partial indexes</a> or in <a href="../gencol.html">generated columns</a>.
SQLite might also optimize deterministic functions by factoring them
out of inner loops.
</dd></p>

<p><a name="sqlitedirectonly"></a>
 <dt>SQLITE_DIRECTONLY</dt><dd>
The SQLITE_DIRECTONLY flag means that the function may only be invoked
from top-level SQL, and cannot be used in VIEWs or TRIGGERs nor in
schema structures such as <a href="../lang_createtable.html#ckconst">CHECK constraints</a>, <a href="../lang_createtable.html#dfltval">DEFAULT clauses</a>,
<a href="../expridx.html">expression indexes</a>, <a href="../partialindex.html">partial indexes</a>, or <a href="../gencol.html">generated columns</a>.
<p>
The SQLITE_DIRECTONLY flag is recommended for any
<a href="../appfunc.html">application-defined SQL function</a>
that has side-effects or that could potentially leak sensitive information.
This will prevent attacks in which an application is tricked
into using a database file that has had its schema surreptitiously
modified to invoke the application-defined function in ways that are
harmful.
<p>
Some people say it is good practice to set SQLITE_DIRECTONLY on all
<a href="../appfunc.html">application-defined SQL functions</a>, regardless of whether or not they
are security sensitive, as doing so prevents those functions from being used
inside of the database schema, and thus ensures that the database
can be inspected and modified using generic tools (such as the <a href="../cli.html">CLI</a>)
that do not have access to the application-defined functions.
</dd></p>

<p><a name="sqliteinnocuous"></a>
 <dt>SQLITE_INNOCUOUS</dt><dd>
The SQLITE_INNOCUOUS flag means that the function is unlikely
to cause problems even if misused.  An innocuous function should have
no side effects and should not depend on any values other than its
input parameters. The <a href="../lang_corefunc.html#abs">abs() function</a> is an example of an
innocuous function.
The <a href="../lang_corefunc.html#load_extension">load_extension() SQL function</a> is not innocuous because of its
side effects.
<p> SQLITE_INNOCUOUS is similar to SQLITE_DETERMINISTIC, but is not
exactly the same.  The <a href="../lang_corefunc.html#random">random() function</a> is an example of a
function that is innocuous but not deterministic.
<p>Some heightened security settings
(<a href="../c3ref/c_dbconfig_defensive.html#sqlitedbconfigtrustedschema">SQLITE_DBCONFIG_TRUSTED_SCHEMA</a> and <a href="../pragma.html#pragma_trusted_schema">PRAGMA trusted_schema=OFF</a>)
disable the use of SQL functions inside views and triggers and in
schema structures such as <a href="../lang_createtable.html#ckconst">CHECK constraints</a>, <a href="../lang_createtable.html#dfltval">DEFAULT clauses</a>,
<a href="../expridx.html">expression indexes</a>, <a href="../partialindex.html">partial indexes</a>, and <a href="../gencol.html">generated columns</a> unless
the function is tagged with SQLITE_INNOCUOUS.  Most built-in functions
are innocuous.  Developers are advised to avoid using the
SQLITE_INNOCUOUS flag for application-defined functions unless the
function has been carefully audited and found to be free of potentially
security-adverse side-effects and information-leaks.
</dd></p>

<p><a name="sqlitesubtype"></a>
 <dt>SQLITE_SUBTYPE</dt><dd>
The SQLITE_SUBTYPE flag indicates to SQLite that a function might call
<a href="../c3ref/value_subtype.html">sqlite3_value_subtype()</a> to inspect the sub-types of its arguments.
This flag instructs SQLite to omit some corner-case optimizations that
might disrupt the operation of the <a href="../c3ref/value_subtype.html">sqlite3_value_subtype()</a> function,
causing it to return zero rather than the correct subtype().
SQL functions that invokes <a href="../c3ref/value_subtype.html">sqlite3_value_subtype()</a> should have this
property.  If the SQLITE_SUBTYPE property is omitted, then the return
value from <a href="../c3ref/value_subtype.html">sqlite3_value_subtype()</a> might sometimes be zero even though
a non-zero subtype was specified by the function argument expression.</p>

<p><a name="sqliteresultsubtype"></a>
 <dt>SQLITE_RESULT_SUBTYPE</dt><dd>
The SQLITE_RESULT_SUBTYPE flag indicates to SQLite that a function might call
<a href="../c3ref/result_subtype.html">sqlite3_result_subtype()</a> to cause a sub-type to be associated with its
result.
Every function that invokes <a href="../c3ref/result_subtype.html">sqlite3_result_subtype()</a> should have this
property.  If it does not, then the call to <a href="../c3ref/result_subtype.html">sqlite3_result_subtype()</a>
might become a no-op if the function is used as term in an
<a href="../expridx.html">expression index</a>.  On the other hand, SQL functions that never invoke
<a href="../c3ref/result_subtype.html">sqlite3_result_subtype()</a> should avoid setting this property, as the
purpose of this property is to disable certain optimizations that are
incompatible with subtypes.
</dd>
</dl>
</p><p>See also lists of
  <a href="../c3ref/objlist.html">Objects</a>,
  <a href="../c3ref/constlist.html">Constants</a>, and
  <a href="../c3ref/funclist.html">Functions</a>.</p>