
[whatwg] Couple comments on Database storage spec.

From: Ian Hickson <ian@hixie.ch>
Date: Wed, 17 Oct 2007 23:57:08 +0000 (UTC)
Message-ID: <Pine.LNX.4.62.0710172356070.19595@hixie.dreamhostps.com>
On Thu, 18 Oct 2007, timeless wrote:
> 
> could you simply require that all sql statements be of the form:
> 
> "X = ?" instead of "X = 1"
> 
> i.e., any attempt to not use parameterized expressions throws?
> 
> I know it's possible to screw this up, but would it at least be hard 
> enough?

Given that "?" can be used in place of any literal, that would make many 
statements really obtuse. You couldn't even do things like "select ... 
where count > 1" without taking the 1 out into parameters.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Wednesday, 17 October 2007 16:57:08 UTC
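As an added example that is not part of this thread: a small JavaScript checker that enforces the rule timeless proposes (reject any SQL text carrying an inline literal rather than a `?` placeholder, as executeSql binds its argument array to `?`) and shows that Ian's `count > 1` counter-example fails the check just like a concatenated user value would. The function names `findInlineLiterals`, `requireParameterized` and `isAccepted` are my own, not anything from the spec.

```javascript
// Added example, not code from the thread: implement the proposed
// "no literals, only ? placeholders" rule and see what it rejects.

function findInlineLiterals(sql) {
  const found = [];
  let i = 0;
  while (i < sql.length) {
    const c = sql[i];
    if (c === "'" || c === '"') {
      // Quoted string literal; a doubled quote inside is an escape.
      let j = i + 1;
      while (j < sql.length) {
        if (sql[j] === c) {
          if (sql[j + 1] === c) { j += 2; continue; }
          break;
        }
        j++;
      }
      found.push(sql.slice(i, j + 1));
      i = j + 1;
    } else if (/[0-9]/.test(c) && !/[A-Za-z0-9_]/.test(sql[i - 1] || "")) {
      // Numeric literal; digits inside an identifier such as col1 are skipped.
      let j = i;
      while (j < sql.length && /[0-9.]/.test(sql[j])) j++;
      found.push(sql.slice(i, j));
      i = j;
    } else {
      i++;
    }
  }
  return found;
}

// The proposed rule: throw unless every value is bound through "?".
function requireParameterized(sql) {
  const literals = findInlineLiterals(sql);
  if (literals.length > 0) {
    throw new Error("inline literal(s) not allowed: " + literals.join(", "));
  }
  return true;
}

// Ian's objection in code: a fixed comparison against 1 is rejected too,
// so it would have to become "count > ?" with [1] in the argument array.
function isAccepted(sql) {
  try { return requireParameterized(sql); } catch (e) { return false; }
}
```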