2008/9/7 Maurice van der Pot <[EMAIL PROTECTED]>:
> I wanted to escape a string that I am going to use as a value in an SQL
> statement, but I'm unsure what function to use.
>
> I see there's gda_default_escape_string(), but that is also used as a
> fallback in gda_server_provider_escape_string() so that may not be a
> preferred function.
>
> Then there's gda_server_provider_escape_string(), but I thought I should
> not call any of the server provider functions directly and I don't see
> anything in gda_connection that uses it.
>
> Finally there's gda_connection_value_to_sql_string(), but that requires
> me to put the string into a GValue first.
>
> What's the best way?
>
Data representation conversion in Libgda is done by GdaDataHandler objects; you may get a pointer to an instance using gda_dict_get_handler(), assuming you use Libgda 3.x. Then use gda_data_handler_get_value_from_str() to get a new GValue from your string, and gda_data_handler_get_sql_from_value() to convert it to SQL (don't forget to call gda_value_free() to free the GValue created by the first call).

Note however that it is much safer to use variables in SQL statements and bind the variables when the statement is executed, to avoid code injection and to have better performance. Unfortunately this is not very well supported with the 3.x versions. With the upcoming V4 version, this method is fully supported.

Regards,

Vivien
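
The reply above recommends converting through a data handler or, better, binding variables. As an added illustration in plain C (not Libgda code and not part of the original message), this shows the property any escaping step has to preserve: the value stays a single SQL string literal. The helper names are hypothetical, and it assumes standard SQL literals in which a quote is escaped by doubling it.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not a Libgda function): render `in` as a standard SQL
 * string literal, doubling embedded single quotes. Caller frees the result. */
char *sql_quote_literal(const char *in)
{
    size_t n = strlen(in), quotes = 0;
    for (size_t i = 0; i < n; i++) quotes += (in[i] == '\'');
    char *out = malloc(n + quotes + 3);   /* two delimiters plus NUL */
    if (!out) return NULL;
    char *p = out; *p++ = '\'';
    for (size_t i = 0; i < n; i++) {
        if (in[i] == '\'') *p++ = '\'';   /* ' becomes '' */
        *p++ = in[i];
    }
    *p++ = '\''; *p = '\0';
    return out;
}

/* The unescaped form: wrap the value in quotes and nothing else. */
char *naive_wrap(const char *in)
{
    size_t n = strlen(in) + 3;
    char *out = malloc(n);
    if (out) snprintf(out, n, "'%s'", in);
    return out;
}

/* 1 only if `s` is exactly one literal: inner quotes doubled, closing quote last. */
int is_single_literal(const char *s)
{
    if (s[0] != '\'') return 0;
    for (size_t i = 1; s[i] != '\0'; i++) {
        if (s[i] != '\'') continue;
        if (s[i + 1] == '\'') { i++; continue; }  /* doubled quote is data */
        return s[i + 1] == '\0';                  /* literal closes here */
    }
    return 0;                                     /* never terminated */
}

int main(void)
{
    char *bad = naive_wrap("O'Brien"), *ok = sql_quote_literal("O'Brien"); /* constructed value */
    if (!bad || !ok) return 1;
    printf("%s -> %d\n%s -> %d\n", bad, is_single_literal(bad), ok, is_single_literal(ok));
    free(bad); free(ok);
    return 0;
}
```

Quoting rules differ between database providers, which is a reason to go through the data handler rather than a hand-written routine like this one; bound variables remove the need to render the value as SQL text at all.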
