W3C home > Mailing lists > Public > public-html@w3.org > November 2007

Re: SQL API -- statement syntax

From: Jim Jewett <jimjjewett@gmail.com>
Date: Fri, 9 Nov 2007 14:08:15 -0500
Message-ID: <fb6fbf560711091108w2b696f5odabac12e34592902@mail.gmail.com>
To: public-html@w3.org
Cc: ian@hixie.ch

Ian Hickson answered:

> As far as the question mark placeholders go, it's
> actually well-defined -- the spec says that the
> placeholders must be used in place of literals.

Having read this explanation, I now see that.  On first reading, I
assumed it was referring to (javascript string) literals that would be
substituted in.

Could you clarify:
"""
2.  Parse the first argument to the method (sqlStatement) as an SQL
statement, with the exception that ? characters can be used in place
of literals in the statement. [SQL]
"""

perhaps into

"""
Parse the first argument to the method (sqlStatement) as an SQL
statement. [SQL]  The SQL dialect embedded by HTML5 supports use of a
question mark character (?) to indicate a dynamic parameter.  Note
that the ? is limited to replacing SQL literals; it does not provide
arbitrary (or printf-style) string interpolation.
"""


This still leaves open whether the statement has to actually be
PREPAREd, and whether other parameter types or host variables are
supported.

Hopefully, it does make clear that you can't just use the ? for
pasting together random strings.

It would also be good to have an example, so that people (like me)
won't wonder whether to use '?' instead of ?.

-jJ
Received on Friday, 9 November 2007 19:08:51 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 9 May 2012 00:16:09 GMT