[DB-SIG] db module wrapper

Ian Bicking ianb at colorstudy.com
Fri Aug 20 21:57:01 CEST 2004


Randall Smith wrote:
> Assume that the first item in the list is always sql.  Is that a valid 
> assumption?

It would be really easy to make mistakes that way.  Or to compose 
statements.  For instance, given two query fragments for a where clause, 
you might want to compose them like:

new_query = ['('] + query1 + [') AND ('] + query2 + [')']

But then you'd have to worry about how query1 and query2 were 
constructed, so that you concatenated the strings of any SQL 
expressions, but didn't concatenate to any literals.

And there are a lot of even simpler mistakes that could be made, and the 
errors could be hard to find or cause security holes.

-- 
Ian Bicking  /  ianb at colorstudy.com  /  http://blog.ianbicking.org
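
The composition problem described above, as an added example that is not part of the original message or of any DB-SIG code. It assumes the list convention alternates SQL text and literals by position (the thread does not spell the convention out) and compares it with a variant where a hypothetical `SQL` marker type decides; all names and sample data are constructed.

```python
import sqlite3

class SQL(str):
    """Trusted SQL text. Any value not wrapped in SQL is treated as a literal."""

def render_positional(parts):
    """Assumed convention: even indexes are SQL text, odd indexes are literals."""
    sql, params = [], []
    for i, part in enumerate(parts):
        if i % 2 == 0:
            sql.append(str(part))   # spliced into the statement text
        else:
            sql.append("?")
            params.append(part)
    return "".join(sql), params

def render_typed(parts):
    """The type of each part, not its position, decides text vs. parameter."""
    sql, params = [], []
    for part in parts:
        if isinstance(part, SQL):
            sql.append(part)
        else:
            sql.append("?")
            params.append(part)
    return "".join(sql), params

def and_positional(q1, q2):
    return ["("] + q1 + [") AND ("] + q2 + [")"]   # composition from the message

def and_typed(q1, q2):
    return [SQL("(")] + q1 + [SQL(") AND (")] + q2 + [SQL(")")]

def run_typed(parts):
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "admin"), ("bob", "user")])
    where, params = render_typed(parts)
    return db.execute("SELECT name FROM users WHERE " + where, params).fetchall()

# Constructed sample fragments; "alice" and "admin" stand in for user input.
BAD = and_positional(["name = ", "alice"], ["role = ", "admin"])
GOOD = and_typed([SQL("name = "), "alice"], [SQL("role = "), "admin"])

if __name__ == "__main__":
    print(render_positional(BAD))   # the literal "alice" lands in the SQL text
    print(render_typed(GOOD))
    print(run_typed(GOOD))
```

Prepending `'('` shifts every later element by one position, so the positional renderer binds the SQL fragments as parameters and splices the literal into the statement text, which is the concatenation-to-literals hazard the message warns about.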