Converting a .nill to NULL would/should be the responsibility of the
implementer. And the best place to do that would be in a sanitize routine that
all column values should be sent to prior to an insertion/update. That is if
you want to bypass the possibility OS SQL injection.
Sent From My iPhone
On Jun 21, 2012, at 3:59 PM, Mark Miesfeld <[email protected]> wrote:
> On Thu, Jun 21, 2012 at 12:06 PM, hakan <[email protected]> wrote:
> As I have limited knowledge in SQL, I "know" the following:
> The NULL value in a SQL statement is just NULL, no quotes
>
> Okay, then that is the way the string you pass to .ooSQLiteStmt() needs to be
> constructed.
>
>
> and that is the hard part when building a resulting string in rexx using rexx
> variables. That's why I use string~changestr('NULL', NULL) as my
> uninitialized variables will be set to this value ('NULL') if they don't
> exist in the current record built for insert.
>
> Then that seems like a good solution and the one you should use.
>
>
> There is no apparently overhead in doing the changestr clause, I now inserts
> ~500 000 records spread over 5 tables(~7 columns/table) + 2 indexes in about
> 120-180 seconds, using a memory database and then copy it to disc.
> So I can accept doing the changestr in my code.
> It's mearly a matter of convinence about the NULL, and maybe the size of the
> database( i believe NULL take less space than 1 space or more) and the fact
> you can't query the database for "if not NULL" of " if NULL"
>
>
> Well, yes you definitely want to be able to insert the SQL null into your
> databases. To do that you can construct your SQL string so that NULL is not
> quoted, or use parameters in the SQL string.
>
> But here is where you lost me. From your first post:
>
> But can it be possible to get support for .nil (NULL) in ooSQLite so the each
> sql statement is scanned (to remove the quotes) before handover to SQLite.
>
>
> I'm not sure I understand what you want ooSQLite to do here. Scan every
> string passed to .ooSQLiteStmt~new(.. string) and look for / change what. If
> the string has: the NIL object in it, change that to NULL? If the string
> has: 'NULL' change that to NULL?
>
> What if the user wanted "the NIL object" in the string? What if the user
> wanted the value to be the string NULL?
>
> Plus, each language has its strong points. The place to do string
> manipulation is in the Rexx code, not in the C/C++ implmentation code.
>
> The implementation of .ooSQLiteStmt~new() could do a changstr() on the passed
> in string and then call the C/C++ plus implementation code. But then that
> forces every programmer to have the overhead of changestr() running on every
> single SQL statement, and the risk of getting wrong.
>
> I understand the concept of making it easier for the Rexx programmer no
> matter if it is hard to do in the implementation code or not. But this seems
> like a case where it is not a good idea. It doesn't seem like a good idea to
> force every program to incur the overhead of scanning every SQL string and
> possibly do some type of replacement when the majority of the SQL strings
> don't need that.
>
> --
> Mark Miesfeld
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> Oorexx-devel mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/oorexx-devel
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Oorexx-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/oorexx-devel
