Some more musing on the examples.
In the insertIntoDatabase example, the SQL statements are constructed using
sql = "INSERT INTO contacts (fName, mName, lName, nickname, title)" || -
" VALUES('"c[1]"', '"c[2]"', '"c[3]"', '"c[4]"', '"c[5]"');"
This has a drawback that the values inserted are content sensitive. A
' character in any of the values will cause this to fail. This sort
of SQL statement construction is also vulnerable to SQL injection
exploits. A nicer approach would be to provide an object that the
database would use to retrieve the individual values by name. For
example, for this example, you could define
::class contact
::attribute firstName
::attribute middleName
::attribute lastName
::attribute nickname
::attribute title
and construct the statement something like this:
sql = "INSERT INTO contacts (fName, mName, lName, nickname, title)" || -
" NAMES(firstName, middleName, lastName, nickname, title);"
stmt = .ooSQLiteStmt~new(db, sql, contact)
The contact instance would then use the names in the statement to
retrieve the individual values. This could also work on a retrieval,
where an instance of an object is provided and the corresponding
assignment methods are called to set the retrieved values. This would
work well with directory objects as well, and with a small tweak,
could even recognize stem objects and set and retrieve the values
there as well.
Rick
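An added example (not from the post or from ooSQLite itself), written in Python against SQLite's own :name placeholders, which is the mechanism the proposal above describes: the object supplies each value by attribute name, so a ' inside the data never reaches the SQL parser, and retrieval assigns values back onto an object by name. The Contact class, the table layout and the sample contact are constructed for this demo.

```python
import sqlite3

class Contact:
    """Constructed counterpart of the post's ::class contact (attribute names, not column names)."""
    def __init__(self, firstName="", middleName="", lastName="", nickname="", title=""):
        self.firstName, self.middleName, self.lastName = firstName, middleName, lastName
        self.nickname, self.title = nickname, title

def open_db():
    conn = sqlite3.connect(":memory:")
    conn.row_factory = sqlite3.Row          # rows addressable by column name
    conn.execute("CREATE TABLE contacts (fName, mName, lName, nickname, title)")
    return conn

def insert_concat(conn, c):
    # The fragile construction from the post: values spliced into the SQL text.
    sql = ("INSERT INTO contacts (fName, mName, lName, nickname, title)"
           " VALUES('%s', '%s', '%s', '%s', '%s');"
           % (c.firstName, c.middleName, c.lastName, c.nickname, c.title))
    try:
        conn.execute(sql)
        return True
    except sqlite3.OperationalError:       # an unescaped ' breaks the statement
        return False

def insert_by_name(conn, c):
    # SQLite :name placeholders: each value is looked up by name from the
    # object's attributes (vars(c)), so data is bound, never parsed as SQL.
    sql = ("INSERT INTO contacts (fName, mName, lName, nickname, title)"
           " VALUES(:firstName, :middleName, :lastName, :nickname, :title)")
    return conn.execute(sql, vars(c)).rowcount   # 1 on success

def fetch_by_name(conn, nickname):
    # Retrieval in the same spirit: column aliases match the attribute names,
    # and each retrieved value is assigned onto a fresh Contact by name.
    sql = ("SELECT fName AS firstName, mName AS middleName, lName AS lastName,"
           " nickname, title FROM contacts WHERE nickname = :nickname")
    row = conn.execute(sql, {"nickname": nickname}).fetchone()
    if row is None:
        return None
    c = Contact()
    for col in row.keys():
        setattr(c, col, row[col])
    return c

if __name__ == "__main__":
    db = open_db()
    rick = Contact("Patrick", "J", "O'Brien", "Rick", "Dr")  # constructed sample with a quote
    print("concatenated insert ok:", insert_concat(db, rick))  # False: O'Brien breaks the SQL
    print("named-bind rows inserted:", insert_by_name(db, rick))
    print("read back:", vars(fetch_by_name(db, "Rick")))
```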
Oorexx-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/oorexx-devel