W3C home > Mailing lists > Public > public-html@w3.org > November 2007

SQL API -- statement syntax

From: Jim Jewett <jimjjewett@gmail.com>
Date: Wed, 31 Oct 2007 23:35:17 -0400
Message-ID: <fb6fbf560710312035r2dfc11bfxb233cf60522ca18@mail.gmail.com>
To: public-html@w3.org

I think the SQL API should be more explicit on the requirements for a
SQL statement.

http://www.whatwg.org/specs/web-apps/current-work/multipage/section-sql.html#executesql

In particular, should the statement (before substitution) be something
that a SQL engine could prepare?  Are quote marks around the question
marks expected and/or required?  Is the replacement value restricted
to be a single token?  Is the final ";" expected or required?

To make that more concrete, which of the following are valid?

Statement = "?"
Arguments = ["select * from mytable;"]

Statement = "sel?table;"
Arguments = ["lect * from my"]

Statement = "select * from mytable where x = ?;"
Arguments = ["1 and y=2"]

Statement = "select * from mytable where x = ?;"
Arguments = ["1;select * from yourtable;"]

/* note the lack of ";"  */
Statement = "select * from mytable"

Statement = "select * from mytable where x='?';"
Arguments = ["1';select * from yourtable where y='1"]

-jJ
Received on Thursday, 1 November 2007 03:35:29 UTC

This archive was generated by hypermail 2.3.1 : Monday, 29 September 2014 09:38:50 UTC