On Wednesday 16 April 2008 16:20, Bas Scheffers wrote:
> I don't really like bind variables, I would much rather see it
> implemented like:
> ns_db select $db "select * from people where country = $1 and age >  
> $2" [list "au" 25]


You can look at the examples in my recent post. It works with plain ol' 
AOLserver, doesn't use bind vars, but is safe from SQL smuggling attacks 
(which is most of the reason for bind vars).

Your script/page level code can remain unchanged even when you switch 
databases.

I look at ns_db as a starting point, but it is too vulnerable to the database 
you are using. The stored procedure model is more robust and easy to emulate, 
as my example code demonstrates.

Also, if anyone is interested in working on a database driver, please choose 
an ODBC driver. The unixodbc library code is well maintained and the newer 
SQL standards follow it. Both Oracle and PostgreSQL point to their ODBC 
interface as their approximation to the newer standards.

One interesting enhancement to ns_db might be to exploit the data dictionary 
which is now standard for SQL. Using this, you can get tables, columns, etc. 
The queries don't change from db to db, so you can query capabilities, etc. 
I'm slowly working on it, very slowly. 

tom jackson
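Below is an added example, not code from this thread, from AOLserver or from Tom's post, of the positional-parameter style Bas sketches (`$1`, `$2` plus a list of values) implemented without server-side bind variables: each placeholder is replaced by a client-side quoted SQL literal before the statement is sent. It is written in Python rather than Tcl so the quoting rules are easy to read; the function names `sql_literal` and `render_query`, the `escape_backslashes` option and the sample queries are all constructed for this illustration. It assumes SQL-standard string literals (a quote inside a string is written as two quotes) and treats any `$N` that appears inside a quoted literal in the SQL text as ordinary text.

```python
"""Positional-parameter query rendering with client-side literal quoting.

Constructed example: emulates the ``$1``/``$2`` style from the thread.  The
caller passes SQL text and a list of values; every placeholder is replaced
by a correctly quoted SQL literal, so a value can never change the shape of
the statement.
"""
import math
from typing import Any, Sequence


def sql_literal(value: Any, escape_backslashes: bool = False) -> str:
    """Render a Python value as a SQL literal.

    Strings are wrapped in single quotes with embedded quotes doubled, which
    is the SQL-standard escape.  Pass escape_backslashes=True for servers
    that treat a backslash inside a string literal as an escape character;
    this is exactly the kind of per-database difference the thread warns
    about, and the reason server-side bind variables are the safer default.
    """
    if value is None:
        return "NULL"
    if isinstance(value, bool):  # bool is a subclass of int, so test it first
        return "TRUE" if value else "FALSE"
    if isinstance(value, int):
        return str(value)
    if isinstance(value, float):
        if not math.isfinite(value):
            raise ValueError("non-finite float has no SQL literal")
        return repr(value)
    if isinstance(value, str):
        if "\0" in value:
            raise ValueError("NUL byte not allowed in SQL string literal")
        escaped = value.replace("'", "''")
        if escape_backslashes:
            escaped = escaped.replace("\\", "\\\\")
        return "'" + escaped + "'"
    raise TypeError(f"unsupported parameter type: {type(value).__name__}")


def render_query(sql: str, params: Sequence[Any], **quote_opts: Any) -> str:
    """Replace $1, $2, ... in ``sql`` with quoted literals from ``params``.

    The scanner tracks single-quoted literals in the SQL text so a ``$1``
    inside one is left alone.  It rejects placeholders with no matching
    parameter and parameters that are never referenced, both of which
    usually mean a mis-numbered query.
    """
    out, used = [], set()
    i, n = 0, len(sql)
    in_string = False
    while i < n:
        ch = sql[i]
        if in_string:
            out.append(ch)
            if ch == "'":
                if i + 1 < n and sql[i + 1] == "'":  # doubled quote: still inside
                    out.append("'")
                    i += 1
                else:
                    in_string = False
            i += 1
        elif ch == "'":
            in_string = True
            out.append(ch)
            i += 1
        elif ch == "$" and i + 1 < n and "0" <= sql[i + 1] <= "9":
            j = i + 1
            while j < n and "0" <= sql[j] <= "9":
                j += 1
            index = int(sql[i + 1:j])
            if index < 1 or index > len(params):
                raise IndexError(f"placeholder ${index} has no parameter")
            used.add(index)
            out.append(sql_literal(params[index - 1], **quote_opts))
            i = j
        else:
            out.append(ch)
            i += 1
    if in_string:
        raise ValueError("unterminated string literal in SQL text")
    missing = set(range(1, len(params) + 1)) - used
    if missing:
        raise ValueError(f"parameters never referenced: {sorted(missing)}")
    return "".join(out)


if __name__ == "__main__":
    # The query from the thread, then the same query with a hostile value:
    # the quote inside the value is doubled and stays inside the literal.
    print(render_query("select * from people where country = $1 and age > $2", ["au", 25]))
    print(render_query("select * from people where country = $1", ["au' or '1'='1"]))
```

The hostile value in the second call comes out as `country = 'au'' or ''1''=''1'`, a single string literal, so the WHERE clause is unchanged. What this layer cannot do is know column types: passing `"25 or 1=1"` for the age parameter produces `age > '25 or 1=1'`, a harmless type mismatch rather than an injection, but also not the query the page author intended. Server-side bind variables avoid both that and the backslash question entirely, which is why the emulation is a fallback for drivers that lack them.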


--
AOLserver - http://www.aolserver.com/
