The rationale is that the low-level database interface accepts parameters directly instead of inserting them inside the query manually (like HoleyMonoid would do). Postgresql-simple also does parameter substitution on the Haskell side. This is not safe and may lead to SQL injection (http://en.wikipedia.org/wiki/SQL_injection) because of improperly done backquoting. The low-level database interface knows better how to work with parameters, so the driver must pass them to it instead of doing parameter substitution.

hdbi-postgresql just replaces "?" with the "$1" sequence, properly parsing and ignoring question marks inside double-quoted identifiers, quoted literals and even dollar-quoted literals (4.1.2.2. Dollar-Quoted String Constants <http://www.postgresql.org/docs/8.2/static/sql-syntax-lexical.html>).

2013/7/31 Tom Ellis <tom-lists-haskell-cafe-2...@jaguarpaw.co.uk>

> On Wed, Jul 31, 2013 at 09:45:50AM +0600, Alexey Uimanov wrote:
> > Hello, haskellers. This is the first release of HDBI (Haskell Database
> > Independent interface).
>
> Hi, thanks for this Alexey. It's great that there is continued development
> of this really important infrastructure for Haskell.
>
> I have a question about variable interpolation, that is, using "?" parameter
> placeholders in the query strings, as documented here:
>
> http://hackage.haskell.org/packages/archive/hdbi/1.0.0/doc/html/Database-HDBI.html
>
> I know postgresql-simple does this, and presumably database access libraries
> in other languages do this too.
>
> What is the rationale for this when in Haskell we have safer methods of
> interpolation at our disposal (for example HoleyMonoid)? Is it simply a
> matter of using the most familiar interface, or is there a deeper reason
> this is necessary?
>
> Thanks,
>
> Tom
>
> _______________________________________________
> Haskell-Cafe mailing list
> Haskell-Cafe@haskell.org
> http://www.haskell.org/mailman/listinfo/haskell-cafe
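
The placeholder rewriting described in the reply above, sketched as an added example; it is not part of the original message and not hdbi-postgresql's own source. The names `rewrite`, `quoted` and `dollar` are hypothetical, the sample queries are constructed, and the sketch assumes standard-conforming strings (no backslash escapes) and does not handle SQL comments.

```haskell
module Main where

import Data.Char (isAlphaNum)
import Data.List (isPrefixOf)

-- | Turn "?" placeholders into $1, $2, ... so the values can be handed to
-- the server as real parameters. Quoted regions are copied verbatim, so a
-- "?" inside a literal or identifier is never treated as a placeholder.
rewrite :: String -> String
rewrite = go 1
  where
    go :: Int -> String -> String
    go _ [] = []
    go n ('?' : rest) = '$' : show n ++ go (n + 1) rest
    go n ('\'' : rest) = quoted '\'' n rest   -- string literal
    go n ('"' : rest) = quoted '"' n rest     -- double-quoted identifier
    go n ('$' : rest)                         -- $tag$ ... $tag$ literal
      | (tag, '$' : body) <- span isTagChar rest = dollar ('$' : tag ++ "$") n body
    go n (c : rest) = c : go n rest

    isTagChar c = isAlphaNum c || c == '_'

    -- Copy up to the closing quote; a doubled quote ('' or "") is an
    -- escaped quote character and stays inside the quoted region.
    quoted q n s = q : body s
      where
        body (c : d : rest) | c == q && d == q = q : q : body rest
        body (c : rest)
          | c == q = q : go n rest
          | otherwise = c : body rest
        body [] = []                          -- unterminated: copy through

    -- Copy up to the matching closing delimiter of a dollar-quoted literal.
    dollar delim n s = delim ++ body s
      where
        body [] = []
        body r@(c : rest)
          | delim `isPrefixOf` r = delim ++ go n (drop (length delim) r)
          | otherwise = c : body rest

-- Constructed sample queries: only the unquoted "?" marks are renumbered.
main :: IO ()
main = mapM_ (putStrLn . rewrite)
  [ "SELECT * FROM t WHERE a = ? AND b = ?"
  , "SELECT \"odd?col\" FROM t WHERE note = 'why?' AND id = ?"
  , "SELECT $fn$is it ?$fn$, 'it''s ?' FROM t WHERE x = ?"
  ]
```

The rewritten text contains only `$n` references, so the parameter values travel to the server separately and are never spliced into the SQL string.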