[whatwg] Couple comments on Database storage spec.

From: Jonas Sicking <jonas@sicking.cc>
Date: Fri, 26 Oct 2007 10:52:06 -0700
Message-ID: <47222946.4080606@sicking.cc>
Ian Hickson wrote:
>> I think not having quote will make people write their own, and every so 
>> often fail at it. People that don't think about the possibility of 
>> getting exploited aren't going to use either '?' or quote() so they 
>> are hosed either way.
> 
> If we include examples for how to do this (embedding ? directly into the 
> query and adding the stuff to the array), will that work? It's easier to 
> do than quoting.

It does sound like a good idea to make all examples use the '?' syntax. 
I still think that providing a quote() implementation would do more good 
than harm, but admittedly I don't care that much. Especially given that 
the worst that can happen is bugs and not security breaches.

/ Jonas
Received on Friday, 26 October 2007 10:52:06 UTC
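The trade-off discussed above (a hand-rolled quote() that is easy to get subtly wrong, versus '?' placeholders bound from an argument array) is illustrated by the following added example. It is not part of the original message or of the database storage spec being discussed; the functions naiveQuote, sqlLiteral, bindParams and hasBalancedQuotes are constructed stand-ins that model how a driver binds placeholders, and no real database is involved.

```javascript
// Added example (not from the original message or the spec it discusses).
// It models the two ways of getting a value into a SQL statement that the
// thread compares: a hand-written quote() and '?' placeholder binding.

// The kind of quote() a page author might write "every so often": it wraps
// the value in single quotes but forgets to double quotes inside the value.
function naiveQuote(value) {
  return "'" + String(value) + "'";
}

// A correct SQL string literal: every single quote in the value is doubled.
// Numbers and NULL are emitted without quotes.
function sqlLiteral(value) {
  if (value === null || value === undefined) return 'NULL';
  if (typeof value === 'number' && Number.isFinite(value)) return String(value);
  return "'" + String(value).replace(/'/g, "''") + "'";
}

// Constructed stand-in for a driver's '?' binding. Each '?' that is not
// inside a string literal is replaced with the escaped literal of the next
// argument, and the count of placeholders must match the count of arguments.
// Real drivers usually pass the values out of band rather than splicing text,
// but the contract shown here (template + argument array) is the same.
function bindParams(sql, args) {
  let out = '';
  let argIndex = 0;
  let inString = false;
  for (let i = 0; i < sql.length; i++) {
    const ch = sql[i];
    if (ch === "'") {            // enter or leave a string literal
      inString = !inString;
      out += ch;
      continue;
    }
    if (ch === '?' && !inString) {
      if (argIndex >= args.length) {
        throw new Error('too few arguments for the placeholders in the statement');
      }
      out += sqlLiteral(args[argIndex++]);
      continue;
    }
    out += ch;
  }
  if (inString) throw new Error('unterminated string literal in SQL template');
  if (argIndex !== args.length) {
    throw new Error('too many arguments for the placeholders in the statement');
  }
  return out;
}

// Cheap sanity check used below: a statement whose single quotes do not pair
// up is malformed and will be rejected by the database (the "bug" outcome the
// thread mentions).
function hasBalancedQuotes(sql) {
  return (sql.split("'").length - 1) % 2 === 0;
}

// Constructed sample input: a name containing an apostrophe.
const NAME = "O'Brien";

// Hand-rolled quoting produces an unbalanced statement for this input...
const viaQuote = 'SELECT * FROM people WHERE name = ' + naiveQuote(NAME);
// ...while the placeholder form comes out well-formed.
const viaPlaceholder = bindParams('SELECT * FROM people WHERE name = ?', [NAME]);

console.log(viaQuote, hasBalancedQuotes(viaQuote));             // false
console.log(viaPlaceholder, hasBalancedQuotes(viaPlaceholder)); // true
```

A '?' that appears inside a string literal in the template (for example `note = 'why?'`) is left alone by bindParams, which is one of the details a one-off quote() helper never has to think about but a binding routine must.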
