On Thursday, 2 February 2017 at 13:28:48 UTC, Shachar Shemesh
wrote:
> Arguments should ALWAYS be passed out of line of the actual
> call command, so that the server has no chance of confusing
> arguments and commands.
I know. That's exactly what my library does, and I assume all the
others listed; `args...` there is a placeholder for bound
arguments (the actual call might look something like
`db.query("CALL proc(?, ?)", arg, arg2);` or similar). But CALL
works the same way as UPDATE, SELECT, INSERT, etc., you can do it
in SQL without needing a special API function to use it.
> Sadly, that typically requires a DB library specific to the DB
> in use.
Every generic DB library I have ever seen abstracts placeholder
arguments and most do prepared statements, which also abstract
such things generically. I didn't mention it in my example because
EVERYONE (except like universally recognized garbage like php4
lol, but I'll even exclude it because its API isn't generic) does
it and I assumed that'd be common knowledge.
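An added illustration of the out-of-line binding the reply describes, written here for this thread rather than taken from the poster's library: a tiny `query(db, sql, *args)` wrapper over Python's sqlite3 `?` placeholders. sqlite3 has no CALL, so INSERT/SELECT stand in; the binding mechanism is the same for any statement, and the `users` table and sample values are constructed for the demo.

```python
import sqlite3

# Constructed demo schema: one table, one text column.
def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT)")
    return db

def query(db, sql, *args):
    """Run sql with args bound out of line, in the spirit of
    db.query("CALL proc(?, ?)", arg, arg2) from the post.
    The statement text is a constant; args never touch it."""
    cur = db.execute(sql, args)
    db.commit()
    return cur.fetchall()

def names_after_insert(raw_input):
    """Insert raw_input through a placeholder and return what was stored.
    Quotes, semicolons and comment markers in the value stay data."""
    db = open_db()
    query(db, "INSERT INTO users (name) VALUES (?)", raw_input)
    return [row[0] for row in query(db, "SELECT name FROM users")]

def concat_breaks(raw_input):
    """The anti-pattern for contrast: splicing the value into the
    statement text. A stray quote in the value becomes part of the
    command, and the server rejects the mangled statement."""
    db = open_db()
    try:
        db.execute("INSERT INTO users (name) VALUES ('" + raw_input + "')")
    except sqlite3.OperationalError:
        return True
    return False

if __name__ == "__main__":
    print(names_after_insert("O'Brien; -- still just a name"))
    print(concat_breaks("O'Brien"))
```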