Re: SQL API -- statement syntax

Ian Hickson answered:

> As far as the question mark placeholders go, it's
> actually well-defined -- the spec says that the
> placeholders must be used in place of literals.

Having read this explanation, I now see that.  On first reading, I
assumed it was referring to (javascript string) literals that would be
substituted in.

Could you clarify:
2.  Parse the first argument to the method (sqlStatement) as an SQL
statement, with the exception that ? characters can be used in place
of literals in the statement. [SQL]

perhaps into

Parse the first argument to the method (sqlStatement) as an SQL
statement. [SQL]  The SQL dialect embedded by HTML5 supports use of a
question mark character (?) to indicate a dynamic parameter.  Note
that the ? is limited to replacing SQL literals; it does not provide
arbitrary (or printf-style) string interpolation.

This still leaves open whether the statement has to actually be
PREPAREd, and whether other parameter types or host variables are

Hopefully, it does make clear that you can't just use the ? for
pasting together random strings.

It would also be good to have an example, so that people (like me)
won't wonder whether to use '?' instead of ?.


Received on Friday, 9 November 2007 19:08:51 UTC