I've been replacing all my Search, Update, Insert, and Delete actions
with DirectDBMS. Everything has been going along fine until I got to
some data that didn't get properly escaped, so I've investigated and
started using <@BIND>. A few observations and then questions.
1. Although we are advised to always quote attributes, it appears
that Witango 5.0.1.065 does not properly decode quoted parameters. So
<@BIND SCOPE="request" NAME="myvar"> does not work but <@BIND
SCOPE=request NAME=myvar> does. (This has been filed as a bug).
2. It looks like Witango database actions use binding for any
parameters where Quote Value = True, so I should probably do the same
and use:

    UPDATE table SET text = <@BIND SCOPE=request NAME=input_text> WHERE id = @@request$id

instead of

    UPDATE table SET text = '@@request$input_text' WHERE id = @@request$id

3. The Programmers Guide refers to a 32k size limit for VARBIN
columns, but I've successfully inserted 8 Megabyte files into BLOBs
using INSERT actions, so I assume <@BIND> will work with arbitrarily
sized BLOBs. I guess I'll test and find out.
4. The Programmers Guide refers to OCI and ODBC (which I use). Does
anyone know if this works with JDBC?
5. Are there any other tips for using <@BIND>?
thx.
Bill
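
Added example, not part of the post above and not Witango code: the two UPDATE forms from item 2 reproduced with Python's sqlite3, where `?` placeholders play the role of <@BIND>. The table name `notes`, the function names and the sample rows are constructed for illustration; the bound version also binds the id, which the statement in the post still substitutes as text.

```python
import sqlite3

def make_db():
    # Constructed sample table standing in for "table" in the post.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE notes (id INTEGER PRIMARY KEY, text TEXT)")
    db.executemany("INSERT INTO notes VALUES (?, ?)", [(1, "first"), (2, "second")])
    return db

def update_interpolated(db, row_id, input_text):
    # Same shape as: UPDATE table SET text = '@@request$input_text' WHERE id = @@request$id
    # Both values become part of the SQL text before the database parses it.
    sql = f"UPDATE notes SET text = '{input_text}' WHERE id = {row_id}"
    return db.execute(sql).rowcount

def update_bound(db, row_id, input_text):
    # Both values travel as bound parameters, so they are only ever data.
    sql = "UPDATE notes SET text = ? WHERE id = ?"
    return db.execute(sql, (input_text, row_id)).rowcount

def demo():
    results = {}
    # 1. An apostrophe in the text ends the quoted literal early.
    try:
        update_interpolated(make_db(), 1, "it's broken")
        results["apostrophe_interpolated"] = "ok"
    except sqlite3.OperationalError:
        results["apostrophe_interpolated"] = "syntax error"
    # 2. The same text is stored unchanged when bound.
    db = make_db()
    update_bound(db, 1, "it's fine")
    results["bound_text"] = db.execute(
        "SELECT text FROM notes WHERE id = 1").fetchone()[0]
    # 3. A non-numeric id substituted as text rewrites the WHERE clause
    #    and touches every row; bound, it is compared as a value and
    #    matches nothing.
    bad_id = "1 OR 1=1"
    results["interpolated_id_rows"] = update_interpolated(make_db(), bad_id, "x")
    results["bound_id_rows"] = update_bound(make_db(), bad_id, "x")
    return results

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```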