On Tue, 5 Jul 2011 20:45:20 +0200, Olaf van der Spek <[email protected]>
wrote:
> A wrapper I wrote before uses syntax like this:
> Csql_query q(con, "select * from users where uid = ?");
> q.p(uid);
> q.execute();
I wonder if we should in addition support named placeholders, or indeed
*only* support named placeholders. I wonder how many bad queries have
been constructed accidentally due to editing the content of a query but not the
substituting of placeholders.
> Csql_query(con, "select * from ? where name =
> ?").name("users").p(name).execute();
>
> The 'format' argument contains placeholders '?'. Each call to p()
> replaces a placeholder, while automatically performing escaping and
> quoting based on argument type.
> name() can be used for names (using ` quotes) and raw() can be used to
> skip escaping and quoting.
> This syntax is simple and safe and I'd like to add it to the Drizzle
> client lib.
>
> What are your opinions on this?
Looks pretty nice so far.
--
Stewart Smith
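
An added sketch of the named-placeholder idea raised in the reply above; it is not code from either poster or from the Drizzle client library. The names `quote_value` and `format_named` and the `:name` syntax are hypothetical, the escaping is a simplified MySQL-style routine that treats every value as a string, and the format string is assumed to contain no quoted literals.

```cpp
#include <cctype>
#include <map>
#include <set>
#include <stdexcept>
#include <string>

// Simplified MySQL-style literal quoting (assumption: single-byte-safe charset).
std::string quote_value(const std::string& v) {
    std::string out = "'";
    for (char c : v) {
        switch (c) {
            case '\0': out += "\\0"; break;
            case '\n': out += "\\n"; break;
            case '\r': out += "\\r"; break;
            case '\x1a': out += "\\Z"; break;
            case '\'': case '"': case '\\': out += '\\'; out += c; break;
            default: out += c;
        }
    }
    return out + "'";
}

// Replace each :name in fmt with the quoted value bound to that name.
// Throws if a placeholder has no binding or a binding is never used, so
// editing the query text without updating the bindings fails loudly.
std::string format_named(const std::string& fmt,
                         const std::map<std::string, std::string>& params) {
    std::string out;
    std::set<std::string> used;
    for (std::size_t i = 0; i < fmt.size();) {
        if (fmt[i] != ':') { out += fmt[i++]; continue; }
        std::size_t j = i + 1;
        while (j < fmt.size() &&
               (std::isalnum(static_cast<unsigned char>(fmt[j])) || fmt[j] == '_'))
            ++j;
        if (j == i + 1) { out += fmt[i++]; continue; }  // lone ':' is kept as-is
        std::string name = fmt.substr(i + 1, j - i - 1);
        auto it = params.find(name);
        if (it == params.end())
            throw std::invalid_argument("no value bound for :" + name);
        out += quote_value(it->second);
        used.insert(name);
        i = j;
    }
    if (used.size() != params.size())
        throw std::invalid_argument("a bound parameter is not used in the query");
    return out;
}
```

With positional `?` markers, reordering the conditions in the query text silently binds values to the wrong columns; here the binding follows the name, and a placeholder or value left over after an edit raises an exception instead of producing a query.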