- From: Jim Jewett <jimjjewett@gmail.com>
- Date: Wed, 31 Oct 2007 23:35:17 -0400
- To: public-html@w3.org
I think the SQL API should be more explicit on the requirements for a SQL statement.

http://www.whatwg.org/specs/web-apps/current-work/multipage/section-sql.html#executesql

In particular, should the statement (before substitution) be something that a SQL engine could prepare? Are quote marks around the question marks expected and/or required? Is the replacement value restricted to be a single token? Is the final ";" expected or required?

To make that more concrete, which of the following are valid?

Statement = "?"
Arguments = ["select * from mytable;"]

Statement = "sel?table;"
Arguments = ["lect * from my"]

Statement = "select * from mytable where x = ?;"
Arguments = ["1 and y=2"]

Statement = "select * from mytable where x = ?;"
Arguments = ["1;select * from yourtable;"]

/* note the lack of ";" */
Statement = "select * from mytable"

Statement = "select * from mytable where x='?';"
Arguments = ["1';select * from yourtable where y='1"]

-jJ
Received on Thursday, 1 November 2007 03:35:29 UTC
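As an added illustration (not part of Jim's message, the spec, or any browser's code): running the same statement/argument pairs through SQLite, the engine the Web SQL implementations were built on, via Python's sqlite3 module shows what a genuinely prepared statement with bound parameters does with each case. The tables and rows are constructed for the demo, and what executeSql itself should do is of course the question the message raises.

```python
# Added example: feed Jim Jewett's candidate statement/argument pairs to SQLite
# prepared statements (Python's sqlite3) and record whether the engine accepts
# the statement and what the bound argument actually matches.
import sqlite3


def make_db():
    """Constructed sample schema: a second table makes a smuggled statement visible."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE mytable(x INTEGER, y INTEGER);
        INSERT INTO mytable VALUES (1, 2), (1, 3), (2, 2);
        CREATE TABLE yourtable(y INTEGER);
        INSERT INTO yourtable VALUES (1);
    """)
    return con


def run(statement, arguments=()):
    """Return ('ok', rows) if the bound statement prepares and runs,
    otherwise ('error', exception class name)."""
    con = make_db()
    try:
        # The statement is prepared first; '?' placeholders become typed
        # bind slots, so an argument is always a single value, never SQL text.
        rows = con.execute(statement, arguments).fetchall()
        return ("ok", rows)
    except sqlite3.Error as exc:
        # Syntax errors (a bare '?' or 'sel?table;') and binding-count
        # mismatches (a quoted '?' is a string literal, not a slot) land here.
        return ("error", type(exc).__name__)
    finally:
        con.close()


CASES = [
    ("?", ["select * from mytable;"]),
    ("sel?table;", ["lect * from my"]),
    ("select * from mytable where x = ?;", ["1 and y=2"]),
    ("select * from mytable where x = ?;", ["1;select * from yourtable;"]),
    ("select * from mytable", []),
    ("select * from mytable where x='?';", ["1';select * from yourtable where y='1"]),
]

if __name__ == "__main__":
    for stmt, args in CASES:
        print(repr(stmt), args, "->", run(stmt, args))
```

With real binding the third and fourth cases simply compare column x to the literal string and match no rows, while the sixth fails because the quoted `?` is part of a string literal and the statement has no parameter for the supplied argument.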