Complete rawQuery implementation with comprehensive tests

- Add Query::raw() method for executing SQL queries with literal question marks
- Implement comprehensive test suite covering various question mark scenarios
- Fix fetch() method to handle raw queries without field binding
- Support struct-based fetching with raw queries
- Add error handling for bind function

Author: ozgurcancal

README.md

@@ -188,6 +188,40 @@ client.query("DROP TABLE IF EXISTS some").execute().await?;
 <details>
 <summary>
 
+### Raw queries (without parameter binding)
+
+</summary>
+
+```rust,ignore
+use serde::Deserialize;
+use clickhouse::Row;
+
+#[derive(Row, Deserialize)]
+struct MyRow {
+    no: u32,
+    name: String,
+}
+
+// Raw queries don't support parameter binding but handle literal question marks
+let rows = client
+    .query_raw("SELECT no, name FROM some WHERE name LIKE 'test%?' ORDER BY no")
+    .fetch_all::<MyRow>()
+    .await?;
+```
+
+* Raw queries use an **odd/even question mark strategy**:
+  - Consecutive odd number of `?` (1, 3, 5, ...) → add one more `?`
+  - Consecutive even number of `?` (2, 4, 6, ...) → keep as is
+* Single `?` becomes `??` (literal `?` in ClickHouse)
+* Double `??` stays `??` (already escaped)
+* **No parameter binding**: `bind()` and `param()` methods will panic
+* Useful for pre-built SQL strings, legacy code migration, or when SQL contains literal question marks
+* ⚠️ **Security warning**: Since no parameter binding is available, ensure user input is properly sanitized
+
+</details>
+<details>
+<summary>
+
 ### Live views
 
 </summary>

examples/README.md

@@ -9,6 +9,7 @@ If something is missing, or you found a mistake in one of these examples, please
 ### General usage
 
 - [usage.rs](usage.rs) - creating tables, executing other DDLs, inserting the data, and selecting it back. Additionally, it covers `WATCH` queries. Optional cargo features: `inserter`, `watch`.
+- [query_raw.rs](query_raw.rs) - raw queries without parameter binding, with question mark escaping.
 - [mock.rs](mock.rs) - writing tests with `mock` feature. Cargo features: requires `test-util`.
 - [inserter.rs](inserter.rs) - using the client-side batching via the `inserter` feature. Cargo features: requires `inserter`.
 - [async_insert.rs](async_insert.rs) - using the server-side batching via the [asynchronous inserts](https://clickhouse.com/docs/en/optimize/asynchronous-inserts) ClickHouse feature

examples/query_raw.rs

@@ -0,0 +1,61 @@
+//! Raw queries without parameter binding, with question mark escaping.
+
+use clickhouse::{Client, Row};
+use serde::{Deserialize, Serialize};
+
+#[derive(Row, Debug, Serialize, Deserialize)]
+struct TestData {
+    id: u32,
+    pattern: String,
+}
+
+#[tokio::main]
+async fn main() -> Result<(), Box<dyn std::error::Error>> {
+    let client = Client::default()
+        .with_url("http://localhost:8123")
+        .with_database("default");
+
+    // Create test table
+    client
+        .query_raw("CREATE TABLE IF NOT EXISTS query_raw_demo (id UInt32, pattern String) ENGINE = MergeTree ORDER BY id")
+        .execute()
+        .await?;
+
+    // Insert data with question marks (they will be escaped)
+    client
+        .query_raw(
+            "INSERT INTO query_raw_demo VALUES (1, 'single?'), (2, 'double??'), (3, 'triple???')",
+        )
+        .execute()
+        .await?;
+
+    // Query data back
+    let rows = client
+        .query_raw("SELECT id, pattern FROM query_raw_demo ORDER BY id")
+        .fetch_all::<TestData>()
+        .await?;
+
+    println!("Data retrieved:");
+    for row in &rows {
+        println!("  ID {}: '{}'", row.id, row.pattern);
+    }
+
+    // Show SQL transformation
+    let demo_query = client.query_raw("SELECT * WHERE pattern = 'test?'");
+    println!("\nSQL transformation:");
+    println!("  Original: SELECT * WHERE pattern = 'test?'");
+    println!("  Sent to server: {}", demo_query.sql_display());
+
+    // Note: Parameter binding would panic
+    // client.query_raw("SELECT * WHERE id = ?").bind(42);  // ❌ Panics!
+
+    // Clean up
+    client
+        .query_raw("DROP TABLE query_raw_demo")
+        .execute()
+        .await?;
+
+    println!("\n✅ Example completed!");
+
+    Ok(())
+}

src/lib.rs

@@ -313,6 +313,11 @@ impl Client {
         query::Query::new(self, query)
     }
 
+    /// Starts a new SELECT/DDL query that will be used as-is without any processing.
+    pub fn query_raw(&self, query: &str) -> query::Query {
+        query::Query::raw(self, query)
+    }
+
     /// Starts a new WATCH query.
     ///
     /// The `query` can be either the table name or a SELECT query.

src/query.rs

@@ -23,13 +23,23 @@ use crate::headers::with_authentication;
 pub struct Query {
     client: Client,
     sql: SqlBuilder,
+    raw: bool,
 }
 
 impl Query {
     pub(crate) fn new(client: &Client, template: &str) -> Self {
         Self {
             client: client.clone(),
             sql: SqlBuilder::new(template),
+            raw: false,
+        }
+    }
+    /// Creates a new query that will be used as-is without any processing.
+    pub(crate) fn raw(client: &Client, query: &str) -> Self {
+        Self {
+            client: client.clone(),
+            sql: SqlBuilder::raw(query),
+            raw: true,
         }
     }
 
@@ -53,6 +63,9 @@ impl Query {
     /// [`Identifier`]: crate::sql::Identifier
     #[track_caller]
     pub fn bind(mut self, value: impl Bind) -> Self {
+        if self.raw {
+            panic!("bind() cannot be used with raw queries");
+        }
         self.sql.bind_arg(value);
         self
     }
@@ -84,9 +97,10 @@ impl Query {
     /// # Ok(()) }
     /// ```
     pub fn fetch<T: Row>(mut self) -> Result<RowCursor<T>> {
-        self.sql.bind_fields::<T>();
+        if !self.raw {
+            self.sql.bind_fields::<T>();
+        }
         self.sql.set_output_format("RowBinary");
-
         let response = self.do_execute(true)?;
         Ok(RowCursor::new(response))
     }

src/query_raw.rs

@@ -0,0 +1,226 @@
+//! Raw SQL queries without parameter binding.
+//!
+//! [`QueryRaw`] executes SQL as-is without parameter binding support.
+//! Question marks are escaped using an odd/even strategy:
+//! - `?` → `??` (odd count, add one more)
+//! - `??` → `??` (even count, unchanged)
+use crate::{error::Result, row::Row, sql::Bind, Client};
+use serde::Serialize;
+
+pub use crate::cursors::{BytesCursor, RowCursor};
+use crate::query::Query;
+
+#[must_use]
+#[derive(Clone)]
+pub struct QueryRaw {
+    query: Query,
+}
+
+impl QueryRaw {
+    pub(crate) fn new(client: &Client, template: &str) -> Self {
+        // Raw queries apply odd/even question mark strategy:
+        // - Consecutive odd number of ? (1,3,5...) -> add one more ?
+        // - Consecutive even number of ? (2,4,6...) -> keep as is
+        Self {
+            query: Query::new_raw(client, template),
+        }
+    }
+
+    /// Display the SQL query with question mark escaping applied.
+    pub fn sql_display(&self) -> &impl std::fmt::Display {
+        self.query.sql_display()
+    }
+
+    /// Attempts to bind a value to the query.
+    ///
+    /// # Panics
+    /// Always panics - raw queries don't support parameter binding.
+    #[track_caller]
+    pub fn bind(self, _value: impl Bind) -> Self {
+        panic!("cannot bind parameters to raw query - use regular query() for parameter binding");
+    }
+
+    /// Attempts to set server-side parameters for the query.
+    ///
+    /// # Panics
+    /// Always panics - raw queries don't support parameter binding.
+    #[track_caller]
+    pub fn param(self, _name: &str, _value: impl Serialize) -> Self {
+        panic!("cannot set parameters on raw query - use regular query() for parameter binding");
+    }
+
+    /// Executes the query.
+    pub async fn execute(self) -> Result<()> {
+        self.query.execute().await
+    }
+
+    /// Executes the query, returning a [`RowCursor`] to obtain results.
+    pub fn fetch<T: Row>(self) -> Result<RowCursor<T>> {
+        self.query.fetch()
+    }
+
+    /// Executes the query and returns just a single row.
+    pub async fn fetch_one<T>(self) -> Result<T>
+    where
+        T: Row + for<'b> serde::Deserialize<'b>,
+    {
+        self.query.fetch_one().await
+    }
+
+    /// Executes the query and returns at most one row.
+    pub async fn fetch_optional<T>(self) -> Result<Option<T>>
+    where
+        T: Row + for<'b> serde::Deserialize<'b>,
+    {
+        self.query.fetch_optional().await
+    }
+
+    /// Executes the query and returns all the generated results,
+    /// collected into a Vec.
+    pub async fn fetch_all<T>(self) -> Result<Vec<T>>
+    where
+        T: Row + for<'b> serde::Deserialize<'b>,
+    {
+        self.query.fetch_all().await
+    }
+
+    /// Executes the query, returning a [`BytesCursor`] to obtain results as raw
+    /// bytes containing data in the [provided format].
+    pub fn fetch_bytes(self, format: impl Into<String>) -> Result<BytesCursor> {
+        self.query.fetch_bytes(format)
+    }
+
+    /// Similar to [`Client::with_option`], but for this particular query only.
+    pub fn with_option(mut self, name: impl Into<String>, value: impl Into<String>) -> Self {
+        self.query = self.query.with_option(name, value);
+        self
+    }
+}
+
+impl std::fmt::Display for QueryRaw {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        write!(f, "{}", self.query.sql_display())
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use crate::Client;
+    use serde::{Deserialize, Serialize};
+
+    // XXX: need for `derive(Row)`. Provide `row(crate = ..)` instead.
+    use crate as clickhouse;
+    use clickhouse_derive::Row;
+
+    #[derive(Row, Debug, Serialize, Deserialize)]
+    struct TestRow {
+        id: u32,
+        name: String,
+    }
+
+    #[test]
+    fn test_question_mark_escaping() {
+        let client = Client::default();
+        let query = client.query_raw("SELECT * FROM test WHERE name LIKE 'test%?'");
+        // Single ? (odd) becomes ??
+        assert_eq!(
+            query.sql_display().to_string(),
+            "SELECT * FROM test WHERE name LIKE 'test%??'"
+        );
+    }
+
+    #[test]
+    fn test_multiple_question_marks() {
+        let client = Client::default();
+        let query = client.query_raw("SELECT * FROM test WHERE a = ? AND b = ?");
+        // Each single ? (odd) becomes ??
+        assert_eq!(
+            query.sql_display().to_string(),
+            "SELECT * FROM test WHERE a = ?? AND b = ??"
+        );
+    }
+
+    #[test]
+    fn test_already_escaped_question_marks() {
+        let client = Client::default();
+        let query = client.query_raw("SELECT * FROM test WHERE name LIKE 'test%??'");
+        // Double ?? (even) stays ??
+        assert_eq!(
+            query.sql_display().to_string(),
+            "SELECT * FROM test WHERE name LIKE 'test%??'"
+        );
+    }
+
+    #[test]
+    #[should_panic(expected = "cannot bind parameters to raw query")]
+    fn test_bind_panics() {
+        let client = Client::default();
+        let query = client.query_raw("SELECT * FROM test WHERE id = ?");
+        let _ = query.bind(42); // This should panic
+    }
+
+    #[test]
+    #[should_panic(expected = "cannot set parameters on raw query")]
+    fn test_param_panics() {
+        let client = Client::default();
+        let query = client.query_raw("SELECT * FROM test WHERE id = {val: Int32}");
+        let _ = query.param("val", 42); // This should panic
+    }
+
+    #[test]
+    fn test_with_option() {
+        let client = Client::default();
+        let query = client
+            .query_raw("SELECT * FROM test")
+            .with_option("max_execution_time", "60");
+        assert_eq!(query.sql_display().to_string(), "SELECT * FROM test");
+    }
+
+    #[test]
+    fn test_display_implementation() {
+        let client = Client::default();
+        let query = client.query_raw("SELECT * FROM test WHERE name LIKE 'test%?'");
+        let display = format!("{}", query);
+        assert_eq!(display, "SELECT * FROM test WHERE name LIKE 'test%??'");
+    }
+
+    #[test]
+    fn test_complex_escaping() {
+        let client = Client::default();
+        let query = client.query_raw(
+            "SELECT '?', '??', '???', 'a?b', 'a??b', 'a???b' FROM test WHERE pattern LIKE '%?%'",
+        );
+        // ? -> ??, ?? -> ??, ??? -> ????, a?b -> a??b, a??b -> a??b, a???b -> a????b, %?% -> %??%
+        let expected = "SELECT '??', '??', '????', 'a??b', 'a??b', 'a????b' FROM test WHERE pattern LIKE '%??%'";
+        assert_eq!(query.sql_display().to_string(), expected);
+    }
+
+    #[test]
+    fn test_mixed_patterns() {
+        let client = Client::default();
+        // Test odd/even strategy: ? -> ??, ?? -> ??, ??? -> ????, ???? -> ????
+        let query = client.query_raw("SELECT '?', '??', '???', '????' FROM test");
+        let expected = "SELECT '??', '??', '????', '????' FROM test";
+        assert_eq!(query.sql_display().to_string(), expected);
+    }
+
+    #[test]
+    fn test_consecutive_question_marks() {
+        let client = Client::default();
+        // Test various consecutive patterns
+        let query = client.query_raw("SELECT '?????', '??????', '???????' FROM test");
+        // ????? (5, odd) -> ??????, ?????? (6, even) -> ??????, ??????? (7, odd) -> ????????
+        let expected = "SELECT '??????', '??????', '????????' FROM test";
+        assert_eq!(query.sql_display().to_string(), expected);
+    }
+
+    #[test]
+    fn test_no_question_marks() {
+        let client = Client::default();
+        let query = client.query_raw("SELECT * FROM test WHERE id = 42");
+        assert_eq!(
+            query.sql_display().to_string(),
+            "SELECT * FROM test WHERE id = 42"
+        );
+    }
+}