On 10/17/05, garaged <[EMAIL PROTECTED]> wrote:
> Do you think it is cleaner or easier to understand to do prepared queries
> vs correct quotation??

It is much cleaner to do (pseudo):

    q = "SELECT field1, field2 FROM table1 WHERE fieldX = :? AND fieldY = :?";
    statement = prepare(q);
    bind_outvalue(statement, 0, &field1, SQL_INT);
    bind_outvalue(statement, 1, &field2, SQL_BOOLEAN);
    bind_invalue(statement, 0, &fieldX, SQL_INT);
    bind_invalue(statement, 1, &fieldY, SQL_STRING);
    query(statement);
    print field1, field2;

rather than:

    if(!is_int(fieldX)) error;
    if(!is_string(fieldY)) error;
    q = "SELECT field1, field2 FROM table1 WHERE fieldX = " + fieldX + " AND fieldY = " + quote(fieldY);
    result = query(q);
    row = get_row(result);
    field1 = row[0];
    field2 = row[1];
    if(!is_int(field1))

> You have to remember exactly the correct sequence of parameters for
> every query. I'm not that good with memory, but I might be one in a
> million.
>
> Max
>
> --
> -----BEGIN GEEK CODE BLOCK-----
> Version: 3.12
> GS/S d- s: a-29 C++(+++) ULAHI+++ P+ L++>+++ E--- W++ N* o-- K- w++++
> O- M-- V-- PS+ PE Y-- PGP++ t- 5- X+ R tv++ b+ DI+++ D- G++ e++ h+ r+
> z**
> ------END GEEK CODE BLOCK------
>
>

--
Christopher A. Watford
[EMAIL PROTECTED]
http://dorm.tunkeymicket.com
http://www.theroadtrip2005.com
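The two approaches compared in the message above, as an added runnable example that is not part of the original thread. It assumes Python's `sqlite3` module (whose placeholder is `?` rather than `:?`), constructed sample rows, and a hypothetical `naive_quote` helper standing in for a quoting mistake.

```python
import sqlite3

def make_db():
    # Constructed sample data using the table and column names from the message.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE table1 (field1 INTEGER, field2 INTEGER,"
               " fieldX INTEGER, fieldY TEXT)")
    db.executemany("INSERT INTO table1 VALUES (?, ?, ?, ?)",
                   [(1, 1, 10, "alice"), (2, 0, 10, "o'brien"), (3, 1, 20, "carol")])
    return db

def lookup_prepared(db, field_x, field_y):
    # Values travel separately from the SQL text; no quoting code exists to get wrong.
    q = "SELECT field1, field2 FROM table1 WHERE fieldX = ? AND fieldY = ?"
    return db.execute(q, (field_x, field_y)).fetchall()

def quote(s):
    # Correct quotation for an SQL string literal: double embedded single quotes.
    return "'" + s.replace("'", "''") + "'"

def naive_quote(s):
    # Hypothetical mistake: wraps the value but does not escape it.
    return "'" + s + "'"

def lookup_quoted(db, field_x, field_y, quoter=quote):
    # The concatenation approach: safety rests on these checks and on quoter().
    if not isinstance(field_x, int) or not isinstance(field_y, str):
        raise TypeError("unexpected parameter type")
    q = ("SELECT field1, field2 FROM table1 WHERE fieldX = " + str(field_x)
         + " AND fieldY = " + quoter(field_y))
    return db.execute(q).fetchall()

def compare(value):
    # Run all three variants on one fieldY value and report rows or the error.
    db = make_db()
    out = {"prepared": lookup_prepared(db, 10, value),
           "quoted": lookup_quoted(db, 10, value)}
    try:
        out["naive"] = lookup_quoted(db, 10, value, naive_quote)
    except sqlite3.OperationalError as exc:
        out["naive"] = "error: " + str(exc)
    return out

if __name__ == "__main__":
    for v in ("alice", "o'brien", "nobody' OR '1'='1"):
        print(repr(v), compare(v))
```

The bound and correctly quoted versions agree on every input; the difference is that the quoted version only stays correct while every call site keeps using the right `quote`.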
