Re: [Monotone-devel] [PATCH] New typesafe VA_ARGS replacement for databa
From: Christof Petig
Subject: Re: [Monotone-devel] [PATCH] New typesafe VA_ARGS replacement for database with operator % style
Date: Tue, 24 Jan 2006 22:43:45 +0100
User-agent: Mail/News 1.5 (X11/20060119)
Glen Ditchfield wrote:
> On Tuesday 24 January 2006 02:13, Nathaniel Smith wrote:
>> The new API is like:
>> execute(query("DELETE FROM my_table WHERE attr = ?") % blob(foo));
>
> Is there some code somewhere that escapes single-quotes? I've seen too many
> bugs in other systems where the code sets up a query like
> "SELECT stuff FROM my_table WHERE surname = '?' ")
> and then some other code substitutes in "O'Toole" instead of "O''Toole".
This is not an issue here since query and parameter are passed separated
to the database. (And the parameter is not parsed).
Christof
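The point Christof makes, that a bound parameter is handed to SQLite separately and never parsed as SQL, can be checked directly. The following is an added example, not monotone's own code (monotone is C++; this uses Python's standard sqlite3 module against the same SQLite engine): it binds "O'Toole" through a bare `?` placeholder, then shows that the quoted-placeholder pattern from the thread (`surname = '?'`) contains no parameter slot at all, and that plain textual substitution of the unescaped value does not even parse. The table name and sample surnames are constructed for the demonstration.

```python
"""Bound parameters vs. quote escaping in SQLite (Python stdlib sqlite3)."""
import sqlite3

# Constructed sample data: the surname the thread worries about, plus a plain one.
SURNAMES = ["O'Toole", "Smith"]


def make_db() -> sqlite3.Connection:
    """In-memory table populated through bound parameters (no escaping needed)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE my_table (surname TEXT)")
    # The value travels to SQLite as a separate bound argument; the apostrophe
    # in O'Toole never reaches the SQL parser, so no '' doubling is required.
    conn.executemany("INSERT INTO my_table (surname) VALUES (?)",
                     [(s,) for s in SURNAMES])
    return conn


def lookup_bound(conn: sqlite3.Connection, surname: str) -> list:
    """Correct form: bare '?' placeholder, value supplied separately."""
    rows = conn.execute("SELECT surname FROM my_table WHERE surname = ?",
                        (surname,)).fetchall()
    return [r[0] for r in rows]


def lookup_quoted_placeholder(conn: sqlite3.Connection, surname: str) -> str:
    """The bug pattern from the thread: '?' inside quotes is a string literal,
    so the statement has zero parameter slots and the binding is rejected."""
    try:
        conn.execute("SELECT surname FROM my_table WHERE surname = '?'", (surname,))
        return "bound"
    except sqlite3.ProgrammingError:
        return "no placeholder: binding rejected"


def lookup_interpolated(conn: sqlite3.Connection, surname: str) -> str:
    """Textual substitution without escaping: the apostrophe in O'Toole closes
    the literal early and the statement fails to parse."""
    try:
        conn.execute(f"SELECT surname FROM my_table WHERE surname = '{surname}'").fetchall()
        return "parsed"
    except sqlite3.OperationalError:
        return "syntax error"


if __name__ == "__main__":
    db = make_db()
    print(lookup_bound(db, "O'Toole"))                # ["O'Toole"]
    print(lookup_quoted_placeholder(db, "O'Toole"))   # no placeholder: binding rejected
    print(lookup_interpolated(db, "O'Toole"))         # syntax error
```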