Phil Longstaff wrote:
There is a function to query the backend to see what features it supports, but prepared statements is not in that list. Also, if we require prepared statements, that might cut out the sqlite backend because a libgda modification to use it might not propagate out far enough. I know Derek wants to see the xml gnucash file replaced by a sqlite db, so we need to be really sure it is unusable before we disqualify it.
A quick Google search shows a number of references to prepared statement use in sqlite, which suggests to me that prepared statements are supported.
Two things worry me at this point about the current behaviour of libgda:- Row inserts are failing, but the error is not communicated back to the caller. As a result, the database is corrupted in the process.
- libgda doesn't seem to (yet) guarantee that prepared statements are used, and therefore that parameters do not need escaping.
The data being saved is financial data, and people are using this data to file tax returns and various other mandatory stuff that could prove expensive if done incorrectly. Gnucash should be treating this data conservatively, and should only be using backends that can give some kind of certainty that data won't be corrupted for any reason.
If we have to temporarily disable a backend until that backend works correctly, it is the safest thing to do, and offers an incentive to get the backend fixed.
Regards, Graham --
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ gnucash-devel mailing list [email protected] https://lists.gnucash.org/mailman/listinfo/gnucash-devel
