[whatwg] Couple comments on Database storage spec.

On Thu, 18 Oct 2007, timeless wrote:
> 
> could you simply require that all sql statements be of the form:
> 
> "X = ?" instead of "X = 1"
> 
> i.e., any attempt to not use parameterized expressions throws?
> 
> I know it's possible to screw this up, but would it at least be hard 
> enough?

Given that "?" can be used in place of any literal, that would make many 
statements really obtuse. You couldn't even do things like "select ... 
where count > 1" without taking the 1 out into parameters.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'

Received on Wednesday, 17 October 2007 16:57:08 UTC
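To make the trade-off in the exchange above concrete, here is an added example that is not part of the original thread or of any browser's implementation: a small checker in JavaScript that enforces the rule proposed in the quoted mail (every literal must be a `?` placeholder) over a SQL statement string, together with a placeholder-versus-argument count check. The tokenizer and the function names (`scanLiterals`, `checkStatement`, `accepts`) are constructed for this illustration and are deliberately minimal: single-quoted strings with `''` escapes, double-quoted identifiers, decimal numbers and `?` placeholders. Running it shows both sides of the argument: a statement like `where count > 1` is rejected, and only its parameterised form `where count > ?` with `[1]` bound passes.

```javascript
// Added example, not code from the original thread: a minimal checker for the
// "placeholders only, no inline literals" rule discussed above.

// Scan a statement and collect its inline literals and ? placeholders.
function scanLiterals(sql) {
  const found = { strings: [], numbers: [], placeholders: 0 };
  let i = 0;
  while (i < sql.length) {
    const c = sql[i];
    if (c === "'") {
      // Single-quoted string literal; a doubled quote '' is an escaped quote.
      let j = i + 1;
      let text = "";
      let closed = false;
      while (j < sql.length) {
        if (sql[j] === "'") {
          if (sql[j + 1] === "'") { text += "'"; j += 2; continue; }
          closed = true;
          break;
        }
        text += sql[j];
        j++;
      }
      if (!closed) throw new SyntaxError("unterminated string literal");
      found.strings.push(text);
      i = j + 1;
    } else if (c === '"') {
      // Double quotes delimit identifiers in SQL, not values: skip them.
      const j = sql.indexOf('"', i + 1);
      if (j < 0) throw new SyntaxError("unterminated quoted identifier");
      i = j + 1;
    } else if (c === "?") {
      found.placeholders++;
      i++;
    } else if (/[A-Za-z_]/.test(c)) {
      // Identifiers and keywords may contain digits (t1, col2); consume them
      // whole so those digits are never mistaken for numeric literals.
      let j = i;
      while (j < sql.length && /[A-Za-z0-9_]/.test(sql[j])) j++;
      i = j;
    } else if (/[0-9]/.test(c)) {
      // Bare numeric literal, such as the 1 in "count > 1".
      let j = i;
      while (j < sql.length && /[0-9.]/.test(sql[j])) j++;
      found.numbers.push(sql.slice(i, j));
      i = j;
    } else {
      i++;
    }
  }
  return found;
}

// The proposed rule: reject any inline literal, and require that the number
// of ? placeholders equals the number of bound arguments.
function checkStatement(sql, args) {
  const lits = scanLiterals(sql);
  const inline = [...lits.strings.map((s) => `'${s}'`), ...lits.numbers];
  if (inline.length > 0) {
    throw new SyntaxError(`inline literal(s) not allowed: ${inline.join(", ")}`);
  }
  if (lits.placeholders !== args.length) {
    throw new SyntaxError(
      `${lits.placeholders} placeholder(s) but ${args.length} argument(s)`
    );
  }
  return true;
}

// Convenience wrapper that returns a boolean instead of throwing.
function accepts(sql, args) {
  try {
    return checkStatement(sql, args);
  } catch (e) {
    if (e instanceof SyntaxError) return false;
    throw e;
  }
}

// The counter-example from the reply is rejected; its parameterised form passes.
console.log(accepts("select name from items where count > 1", []));  // false
console.log(accepts("select name from items where count > ?", [1])); // true
```

The placeholder count check is the part worth keeping regardless of how the literal debate is settled: a statement with fewer `?` than bound values, or more, is almost always a programming mistake, and failing loudly at `executeSql` time is cheaper than discovering it in the data.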