On 11/29/05, jws <[EMAIL PROTECTED]> wrote:

OK, so this is not a problem when we are working with the databases
'live', since they are using parameterized queries. It IS a problem
when using the 'install' and 'sql' sub-commands, since those are built
up using simple string concatenation.

So if all the following were true, would this be acceptable?

1. Each backend class grew an escapeChars() method that worked
correctly.
2. My original change used the appropriate method when composing the
sql statements.
3. We comment the function to state it is only to be used for sql
string composition.

How about:
  1. Each backend class grew an escapeChars() method.
  2. It raises NotImplemented if it's not implemented/NotPossible if escaping cannot be done without an open connection.
  3. Your original change tries to use escapeChars if no exception is thrown, but resorts to the current way on exception.
  4. On exception a warning is printed along with SQL about the problem.
?

--
Amit Upadhyay
Blog: http://www.rootshell.be/~upadhyay
+91-9867-359-701
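
The four-point proposal above, sketched as an added example (not part of the original message and not Django's code). The `escapeChars()` name comes from the thread; the class names, the `EscapeNotPossible` exception, the `connection.escape()` call and the table and column names are assumptions made for illustration.

```python
import warnings

class EscapeNotPossible(Exception):
    """Hypothetical stand-in for the thread's 'NotPossible' case."""

class BaseBackend:
    def escapeChars(self, value):
        # Point 2: backends that have no implementation say so explicitly.
        raise NotImplementedError

class QuoteDoublingBackend(BaseBackend):
    # Constructed backend: standard SQL string literals, ' written as ''.
    def escapeChars(self, value):
        return value.replace("'", "''")

class ConnectionBoundBackend(BaseBackend):
    # Constructed backend whose escaping rules depend on connection state.
    def __init__(self, connection=None):
        self.connection = connection

    def escapeChars(self, value):
        if self.connection is None:
            raise EscapeNotPossible("no open connection")
        return self.connection.escape(value)  # assumed connection API

def sql_literal(backend, value):
    """Return (literal, escaped) for a string used in composed SQL text."""
    try:
        return "'%s'" % backend.escapeChars(value), True
    except (NotImplementedError, EscapeNotPossible) as exc:
        # Points 3 and 4: fall back to the current behaviour, but warn.
        reason = str(exc) or "escapeChars() not implemented"
        warnings.warn("%r left unescaped by %s: %s"
                      % (value, type(backend).__name__, reason))
        return "'%s'" % value, False

def compose_insert(backend, table, column, value):
    """Compose one INSERT the way string-built install/sql output would."""
    literal, escaped = sql_literal(backend, value)
    sql = "INSERT INTO %s (%s) VALUES (%s);" % (table, column, literal)
    return sql, escaped

if __name__ == "__main__":
    for backend in (QuoteDoublingBackend(), BaseBackend(), ConnectionBoundBackend()):
        print(compose_insert(backend, "polls", "question", "What's up?"))
```

The returned `escaped` flag lets the caller print the warning next to the affected statement, as point 4 asks.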
