On 7/13/2011 9:59 AM, Julien Cigar wrote:
On 07/13/2011 15:38, Rahkonen Jukka wrote:
Julien Cigar wrote:
This may be a stupid question but: is there a reason why
PQescapeStringConn() is not used to do the substitution?
Perhaps because Mapserver does not support just PostgreSQL but also
Oracle, SQL Server, MySQL, Informix, CouchDB etc. Therefore it is good
to have some general purpose validation system. Of cause more
sophisticated systems for each datastore would not harm.
-Jukka Rahkonen-
Thanks,
Julien
I see .. :)
Thanks!
Julien,
This is a good question and it has been discussed among the dev's. One
thing we discussed was having a generic escape function that would be
implemented by each driver that the code could call to deal with the
various issues of driver support. But alas it is more complicated than
simple variable quoting, because substitution can replace table names,
column names, or parts of expressions like "foobar in(%filter%)"
So we continue to improve on it and restructure code as needed, but as
the above examples suggest it is not a trivial fix and currently the
validation patterns work, but require the user to implement them based
on their needs.
Thanks,
-Steve W
_______________________________________________
mapserver-users mailing list
[email protected]
http://lists.osgeo.org/mailman/listinfo/mapserver-users
