From 3584c945233d608daaf592eca66feaa04f622af9 Mon Sep 17 00:00:00 2001
From: JonKazama-Hellion
Date: Sat, 2 May 2026 21:25:40 +0200
Subject: [PATCH] docs(db): explain why pragma statements stay interpolated

Both PRAGMA call sites take values that SQLite does not accept as bound parameters. ColumnExists takes a hardcoded table name, the migration call takes a compile-time int from the version sequence. Comments now state both facts so future readers don't try to wedge a defensive whitelist into a path that cannot be reached from anywhere user-controlled.
---
 ChatTwo/MessageStore.cs | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/ChatTwo/MessageStore.cs b/ChatTwo/MessageStore.cs
index 4aa5904..988367a 100644
--- a/ChatTwo/MessageStore.cs
+++ b/ChatTwo/MessageStore.cs
@@ -239,6 +239,9 @@ internal class MessageStore : IDisposable
     private bool ColumnExists(string table, string column)
     {
+        // PRAGMA does not accept SQLite parameter bindings. The table name is
+        // a compile-time constant fed in from internal call sites, so the
+        // interpolation cannot be reached from any user-controlled path.
         using var cmd = Connection.CreateCommand();
         cmd.CommandText = $"PRAGMA table_info({table});";
         using var reader = cmd.ExecuteReader();
@@ -298,8 +301,10 @@ internal class MessageStore : IDisposable
     {
         Plugin.Log.Information($"Setting version {version}");
         using var cmd = Connection.CreateCommand();
-        // Parameters aren't supported for PRAGMA queries, and you can't set the
-        // version with a pragma_ function.
+        // PRAGMA does not accept SQLite parameter bindings, and there is no
+        // pragma_ function variant that can set the version either. The
+        // version is a compile-time int from the migration sequence, never
+        // user input.
         cmd.CommandText = $"PRAGMA user_version = {version};";
         cmd.ExecuteNonQuery();
     }
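Review bot: The new comment in ColumnExists asserts a property of its callers — that `table` is always an internal constant — while the method itself only ever sees a `string` parameter, so the guarantee lives outside this hunk and erodes silently the day a new call site passes something else. Two cheap ways to keep the invariant local: state it as the method's contract so a future caller is told, e.g. `/// <param name="table">Internal constant only; it is interpolated verbatim into PRAGMA table_info.</param>`, or drop the interpolation altogether by reading the table-valued form `SELECT name FROM pragma_table_info(@table)`, which unlike the PRAGMA statement does accept a bound parameter (the read-only pragmas have this form; user_version in the second hunk does not). If the call sites really are fixed, the documented contract alone is enough. ColumnExists's body continues past the end of the hunk.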
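Review bot: The rewritten comment before the user_version assignment justifies the interpolation by where `version` comes from, but the more durable argument is its type: if `version` is declared as an `int` (its signature is outside the hunk; the commit description says it is), formatting can only ever emit digits and a sign, so no change of caller can turn it into SQL. Suggest leading with that, e.g. `// version is an int, so the interpolation can only emit a number; PRAGMA also rejects parameter bindings.` The one residual wrinkle is that `$"{version}"` formats with the current culture, whose negative sign is not guaranteed to be ASCII; `version.ToString(CultureInfo.InvariantCulture)` closes even that gap if the project targets a runtime where it matters.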