W3C home > Mailing lists > Public > public-html@w3.org > September 2007

Detailed review of 4.12. Client-side database storage

From: Mihai Sucan <mihai.sucan@gmail.com>
Date: Tue, 18 Sep 2007 13:06:55 +0300
To: public-html <public-html@w3.org>
Message-ID: <op.tyug1taamcpsjgr0b0dp@athlon>


I have reviewed section 4.12. "Client-side database storage" [1]. Here are  
my comments:

1. In section 4.12.2. "Executing SQL statements" [2]:

"Big Issue: There are two major missing features here: One: [...]. Two:  
there's no session-specific API, so if you have two windows open at once,  
you can't interact with the site doing two separate sessions unless the  
site goes out of its way to track sessions itself, detecting when new tabs  
are opened, etc. sessionStorage[] handles it, why doesn't this? [...]"

Given there's sessionStorage, it wouldn't really be a big deal for a web  
application to "go out of its way to track sessions itself" - since  
sessionStorage allows this quite nicely and easily.

Having a database per session would be, IMO, quite an over-kill.

However, I was thinking: maybe UAs could allow the CREATE TEMPORARY TABLE  
syntax (see the MySQL documentation [3]). The temporary tables would be  
removed when the user terminates the session.

This should be good enough for session-related SQL needs.

2. The section 4.12.2 needs further clarification and details. Based on  
the following questions:

How are the "?" chars supposed to be replaced with the given arguments?  
What kind of escaping is supposed to be expected?

executeSql("INSERT INTO `flowers` (`name`, `color`) VALUES (?, ?)",  
"lily", "white");
executeSql("INSERT INTO `flowers` (`name`, `color`) VALUES ('?', '?')",  
"lily", "white");

... both cases could be expected in the wild. What to expect from each  
example? I suppose the first example works as intended (a new row with the  
given arguments is added). The second example will simply add a new row  
with the '?' value for both fields. If this is the supposed behavior, then  
the UA has "context-awareness": I cannot do things like:

executeSql("INSERT INTO `flowers` (`?`, `?`) VALUES ('?', '?')", "name",  
"lily", "color", "white");

I cannot treat executeSql in a similar fashion to the sprintf() function  
[4] - albeit this would be a much more simpler function.

Can binary data be stored in the database? Is the UA supposed to do proper  
"escaping" for binary data arguments?

Also, regarding the SQL standard: I cannot ask for specifically requiring  
the implementation of the SQL standard X, Y, nor Z. However, I would  
suggest that the HTML5 spec *recommends* one SQL standard - like it  
recommends Ogg support for the <video> element.

3. The ResultSet object [5] has the length attribute [6] which is now  
defined to tell the number of columns in the current row. This attribute  
name is quite confusing. I initially expected it tells the number of rows  
in the ResultSet object.

I would recommend that the "length" attribute be renamed to numCols or  

4. I was surprised to see there's no attribute (or method) to easily and  
quickly check the number of rows in the ResultSet object. For now, one  
either has to use COUNT() in a SELECT query, or must iterate over all the  
rows to count them.

I would recommend defining a new readonly attribute "numRows" which tells  
the number of rows in the ResultSet object.

Having some experience with PHP+mySQL I quite often use the  
mysql_num_rows($result) function [7].

5. In section 4.12.3. "Database query results" [8], in the paragraph which  
defines the validRow attribute [9] of the ResultSet object [5], first  

"The validRow attribute must *return return* true if the ResultSet  
object's cursor is at a row with data. "

Correction: return. Eliminate the duplication.

That's about all for now. Thanks.

[3] http://dev.mysql.com/doc/refman/5.1/en/create-table.html
[4] http://www.php.net/manual/en/function.sprintf.php
[7] http://www.php.net/manual/en/function.mysql-num-rows.php

Received on Tuesday, 18 September 2007 10:07:06 UTC

This archive was generated by hypermail 2.4.0 : Saturday, 9 October 2021 18:44:21 UTC