> > > > 2008/12/23 Vivien Malerba <[email protected]> > >> >> >> 2008/12/21 Daniel Espinosa <[email protected]> >> >>> Hi all >>> >>> I'm working in gda_insert_row_into_table but have some troubles: >>> >>> I'm creating the SQL usin GdaSqlStatement structs, with success but >>> strings are renderer with out quotes ("") can any help me to know how can I >>> do this to work. >>> >>> I'm adding a GdaSqlExpr to values GList in the GdaSqlStatementInsert, >>> when render the GdaSqlStatement I get: >>> >>> INTO test (q, number, a) VALUES (NEW TEXT, 1000, NUEVO NOMBRE) >>> >>> it is an invalid SQL, how can I get quoted strings. This must be >>> >>> INTO test (q, number, a) VALUES ('NEW TEXT', 1000, 'NUEVO NOMBRE') >>> >>> for a PostgreSQL database. >> >> >> It's up to you to add quotes where they are needed (because the >> GdaSqlStatement is just a tree representation of an SQL statement). Anyway, >> what you should do is use GdaSqlParamSpec (which are variables or >> parameters), this will have the following benefits: >> * avoid you the job of adding quotes when needed >> * avoid any SQL injection problems >> >> > Coul you help me on how create a GdaSqlParamSpec?
As Far As I Undertand for the code in gda_sql_param_spec_new (GValue *value), the value paramenter must be a string with the following syntax: "PARAM_NAME:G_TYPE_INT:N" As a collateral efect all functions in sql-parser directory doesn't have any documentation, then may is time to work on them, I'll try to help on them. -- Trabajar, la mejor arma para tu superación "de grano en grano, se hace la arena" (R) (en trámite, pero para los cuates: LIBRE)
_______________________________________________ gnome-db-list mailing list [email protected] http://mail.gnome.org/mailman/listinfo/gnome-db-list
