SQL API -- statement syntax

I think the SQL API should be more explicit on the requirements for a
SQL statement.

http://www.whatwg.org/specs/web-apps/current-work/multipage/section-sql.html#executesql

In particular, should the statement (before substitution) be something
that a SQL engine could prepare?  Are quote marks around the question
marks expected and/or required?  Is the replacement value restricted
to be a single token?  Is the final ";" expected or required?

To make that more concrete, which of the following are valid?

Statement = "?"
Arguments = ["select * from mytable;"]

Statement = "sel?table;"
Arguments = ["lect * from my"]

Statement = "select * from mytable where x = ?;"
Arguments = ["1 and y=2"]

Statement = "select * from mytable where x = ?;"
Arguments = ["1;select * from yourtable;"]

/* note the lack of ";"  */
Statement = "select * from mytable"

Statement = "select * from mytable where x='?';"
Arguments = ["1';select * from yourtable where y='1"]

-jJ

Received on Thursday, 1 November 2007 03:35:29 UTC
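
Added example, not part of the original message or of the specification: how one engine that prepares the statement and then binds the arguments treats each case listed in the message. It assumes SQLite through Python's sqlite3 module, which the message does not name; the table contents, the helpers run and run_all, and the two controls are constructed for illustration.

```python
import sqlite3

QUERY = "select * from mytable where x = ?;"
QUOTED = "select * from mytable where x='?';"

# (statement, arguments) pairs from the message, then two constructed controls.
CASES = [
    ("?", ["select * from mytable;"]),
    ("sel?table;", ["lect * from my"]),
    (QUERY, ["1 and y=2"]),
    (QUERY, ["1;select * from yourtable;"]),
    ("select * from mytable", []),
    (QUOTED, ["1';select * from yourtable where y='1"]),
    (QUERY, [1]),    # control (constructed): an ordinary bound value
    (QUOTED, []),    # control (constructed): '?' is a one-character string
]


def run(statement, arguments):
    """Prepare and run one statement on a fresh in-memory database."""
    db = sqlite3.connect(":memory:")
    # Constructed sample data: one row per table.
    db.executescript(
        "create table mytable (x, y);"
        "create table yourtable (y);"
        "insert into mytable values (1, 2);"
        "insert into yourtable values ('other');"
    )
    try:
        # The statement text is parsed first; each argument is then bound as
        # one value and never re-read as SQL text.
        rows = db.execute(statement, arguments).fetchall()
    except sqlite3.Error as exc:
        return ("rejected", type(exc).__name__)
    finally:
        db.close()
    return ("ran", rows)


def run_all():
    return [run(statement, arguments) for statement, arguments in CASES]


if __name__ == "__main__":
    for (statement, arguments), outcome in zip(CASES, run_all()):
        print(f"{statement!r} {arguments!r} -> {outcome}")
```

Under this model the first two statements fail to parse, the third and fourth compare x against a single string and match nothing, the missing ";" is accepted, and the quoted '?' is a literal, so supplying an argument for it is a binding-count error.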