2009/7/13 Murray Cumming <[email protected]> > On Sun, 2009-07-05 at 19:20 +0200, Murray Cumming wrote: > > On Sun, 2009-07-05 at 17:55 +0200, Vivien Malerba wrote: > > > You won't be able to have at the same time a database abstraction > > > layer and use user input without any validation. For example if you > > > the user has a MyTable table name, then to use this table you _will_ > > > at some point have to check if you need quotes or not yourself. > > > > I always use quotes. I don't need to check. > > Vivien wrote: > > Anyway, I've committed to git master and LIBGDA_4.0 branches > > > corrections with documentation which explain the design choices that > > were made. > > Thanks for the recent fixes. Things seem to work now in Glom but I > wanted to check that we are really doing the right thing. I have some > questions. > > 1. > You added a section about SQL Identifiers that mentions quotes: > > But I find this surprising, and I doubt that it's true: > http://git.gnome.org/cgit/libgda/tree/doc/C/libgda-4.0-docs.sgml#n465 > " > Many people consider that using the quoted syntax should be avoided if > possible because: > - once an SQL identifier has been defined using the quoted syntax, it > must always be used quoted, which is error prone especially if external > tools are used on the database. > "
>From my own experience and from what I've gathered from other people and from the misc docs and books, this is a kind of personnal recommendation I'd do. I added it in the doc to explain that Libgda could not force people to use quotes all the time. I can remove it if you think it's out of topic or is out of Libgda's scope. > > > 2. > The latest documentation is not online yet because it is not yet in a > tarball, so I can't link to it, but I've built it locally. > > I still can't see anything in the gda_connection_update_meta_store() (or > anything linked from there) about whether or not we should use > gda_sql_identifier_add_quotes() for the "table_name" value in > GdaMataContext::column_values. > > The "Update the meta data about a table" section doesn't use > gda_sql_identifier_add_quotes(), though we now seem to need to use it in > libgdamm. Note that that section mentions a "Get information" section, > but there is no link. > > 3. > In fact, I don't see any link from GdaMetaContext to a description of > possible values for the GdaMetaContext field structs, though the > gda_connection_update_meta_store() documentation mentios "_tables" and > "_columns" as possible values for GdaMetaContext::table_name. > > The "database structure" section provides some hints, but the > documentation should explain how that maps to GdaMetaContext." > Sorry I've been so long to answer, but I've been busy fixing the SQL identifiers mess (there are so many differences between databases in details...) Anyway, I've just pushed in git LIBGDA_4.0 branch, some fixes in the gda_sql_identifier_quote() function which you can use in Glom, along with a test case (which I'll soon add to the NR tests directory), attached (for the PostgreSQL and MySQL you need to create an empty "testcase" database). Basically, you have an SQL Id (presumably entered by the user), and use gda_sql_identifier_quote(id,...,FALSE,...) to have a valid SQL identifier to create a database object (for example a table), and use again gda_sql_identifier_quote(id,...,TRUE,...) with gda_connection_update_meta_store() or other GdaMetaStore's related functions. See the test case in the attachment. I'll apply the modifications to the master branch and fix all the documentation which needs to be fixed ASAP. Regards, Vivien > >
meta-store-case.tbz
Description: application/bzip-compressed-tar
_______________________________________________ gnome-db-list mailing list [email protected] http://mail.gnome.org/mailman/listinfo/gnome-db-list
