Hey List,

Since I'm both far too lazy to escape every bit of data that
goes into a database and too paranoid to trust said escaping in any
case, I've worked through adding parameterized queries to at least the
postgres driver. Unlike PostgreSQL's native $1 $2 syntax (which makes
queries almost unmaintainable IMHO), the syntax follows the more common
:name placeholder instead. This will make it a snap for at least OCI
and SQLite (which I can hopefully get to before long).

For example, here's something from tests/postgres.lua:

    local args = {
        a = 42,
        b = nil,
        c = "foo",
    }
    CONN:executeparams("insert into t (f1, f2, f3) values (:a, :b, :c)", args)

This at least makes LuaSQL useful in environments (like the one I find
myself in) where code that uses string concatenation for queries is
strictly forbidden as a matter of policy.

Any interest? I'm digging around luaforge.net and such for submission
guidelines...

-P
_______________________________________________
Kepler-Project mailing list
Kepler-Project@lists.luaforge.net
http://lists.luaforge.net/cgi-bin/mailman/listinfo/kepler-project
http://www.keplerproject.org/
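
An added example, not part of the original post and not LuaSQL code: one way a C driver could map the :name placeholders described above onto PostgreSQL's native $n parameters, so the values are handed to the server separately (for instance through libpq's PQexecParams) and never become part of the SQL text. The names rewrite_named, MAX_PARAMS and MAX_NAME are hypothetical, and the sketch assumes plain single-quoted literals only (no comments, dollar-quoting or E'' strings).

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_PARAMS 16
#define MAX_NAME   32

/* Hypothetical helper: rewrite :name placeholders to $1, $2, ...
 * names[] receives each distinct name in $n order, so the caller can
 * look the values up and bind them by position. Text inside '...'
 * literals and "::" casts is copied untouched.
 * Returns the parameter count, or -1 if a buffer would overflow. */
int rewrite_named(const char *sql, char *out, size_t outsz,
                  char names[][MAX_NAME], int max_names) {
    size_t o = 0;
    int n = 0, in_str = 0;
    for (const char *p = sql; *p; ) {
        if (o + 12 >= outsz) return -1;          /* room for "$<int>" + NUL */
        if (*p == '\'') { in_str = !in_str; out[o++] = *p++; continue; }
        if (in_str || *p != ':') { out[o++] = *p++; continue; }
        if (p[1] == ':') {                       /* "::" is a cast, copy both */
            out[o++] = *p++; out[o++] = *p++; continue;
        }
        if (!isalpha((unsigned char)p[1]) && p[1] != '_') { out[o++] = *p++; continue; }
        const char *s = ++p;                     /* first character of the name */
        while (isalnum((unsigned char)*p) || *p == '_') p++;
        size_t len = (size_t)(p - s);
        if (len >= MAX_NAME) return -1;
        int idx = -1;
        for (int i = 0; i < n; i++)              /* a repeated name reuses its $n */
            if (strlen(names[i]) == len && memcmp(names[i], s, len) == 0) idx = i;
        if (idx < 0) {
            if (n == max_names) return -1;
            memcpy(names[n], s, len); names[n][len] = '\0';
            idx = n++;
        }
        o += (size_t)snprintf(out + o, outsz - o, "$%d", idx + 1);
    }
    out[o] = '\0';
    return n;
}

int main(void) {
    char out[256], names[MAX_PARAMS][MAX_NAME];
    /* The query from the post above. */
    int n = rewrite_named("insert into t (f1, f2, f3) values (:a, :b, :c)",
                          out, sizeof out, names, MAX_PARAMS);
    printf("%s\n", out);
    for (int i = 0; i < n; i++) printf("$%d <- %s\n", i + 1, names[i]);
    return 0;
}
```

A name that has no entry in the caller's table (as with b = nil in the post's example, which leaves the key absent in Lua) would have to be bound as SQL NULL by the caller; that choice is outside this sketch.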