On Apr 16, 2008, at 4:20 PM, Bas Scheffers wrote:
On 17/04/2008, at 8:14 AM, Dossy Shiobara wrote:
I have wanted to add bind variable support to nsdb for a _long_ time,
but never got around to computing this support matrix that I describe
above.
I don't really like bind variables, I would much rather see it
implemented like:
ns_db select $db "select * from people where country = $1 and age >
$2" [list "au" 25]
Geez, names are more readable than numbers in any sizable query.
nspostgres supports the optional passing of an ns_set to define the
bind vars, and the openacs db api will convert an array get list to
the ns_set for you.
And the default bind var syntax is just damned convenient, why force
more work than is necessary on the part of the person writing queries?
And before answering "well, they can always use the variable directly"
remember that both emulated and real bind vars give protect against
sql smuggling.
----
Don Baccus
http://donb.photo.net
http://birdnotes.net
http://openacs.org
--
AOLserver - http://www.aolserver.com/
To Remove yourself from this list, simply send an email to <[EMAIL PROTECTED]>
with the
body of "SIGNOFF AOLSERVER" in the email message. You can leave the Subject:
field of your email blank.
