[DB-SIG] db module wrapper
Ian Bicking
ianb at colorstudy.com
Fri Aug 20 21:57:01 CEST 2004
Randall Smith wrote:
> Assume that the first item in the list is always sql. Is that a valid
> assumption?
It would be really easy to make mistakes that way. Or to compose
statements. For instance, given two query fragments for a where clause,
you might want to compose them like:
new_query = ['('] + query1 + [') AND ('] + query2 + [')']
But then you'd have to worry about how query1 and query2 were
constructed, so that you concatenated the strings of any SQL
expressions, but didn't concatenate to any literals.
And there are a lot of even simpler mistakes that could be made, and the
errors could be hard to find or cause security holes.
--
Ian Bicking / ianb at colorstudy.com / http://blog.ianbicking.org
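The safer alternative to a flat list, as an added example that is not code from this thread: a Fragment type (a constructed name) carries SQL text and literal values as two separate streams, so the composition above joins SQL with SQL and literals with literals and can never splice a literal into the statement. It assumes the qmark paramstyle and checks itself against a constructed in-memory sqlite3 table.

```python
import sqlite3
from typing import Any, Sequence


class Fragment:
    """A piece of SQL text plus the literal values bound to its '?' placeholders."""

    def __init__(self, sql: str = "", params: Sequence[Any] = ()):
        # Every '?' must match exactly one literal, so a literal can never be
        # spliced into the SQL text by mistake.
        if sql.count("?") != len(params):
            raise ValueError("%d placeholders but %d params" % (sql.count("?"), len(params)))
        self.sql = sql
        self.params = tuple(params)

    def __add__(self, other: "Fragment") -> "Fragment":
        # The only composition primitive: SQL joins SQL, literals join literals.
        return Fragment(self.sql + other.sql, self.params + other.params)

    def __repr__(self) -> str:
        return "Fragment(%r, %r)" % (self.sql, self.params)


def eq(column: str, value: Any) -> Fragment:
    """'column = ?' with the value carried as a literal, not as SQL text."""
    return Fragment(column + " = ?", (value,))


def and_(q1: Fragment, q2: Fragment) -> Fragment:
    """The composition from the thread, done on Fragment objects instead of lists."""
    return Fragment("(") + q1 + Fragment(") AND (") + q2 + Fragment(")")


def run_where(where: Fragment) -> list:
    """Run SELECT name FROM people WHERE <where> against a constructed
    in-memory table and return the matching names (qmark paramstyle)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE people (name TEXT, age INTEGER)")
    conn.executemany("INSERT INTO people VALUES (?, ?)",
                     [("O'Brien", 40), ("Smith", 31), ("O'Brien", 12)])
    rows = conn.execute("SELECT name FROM people WHERE " + where.sql,
                        where.params).fetchall()
    conn.close()
    return [name for (name,) in rows]


if __name__ == "__main__":
    # The apostrophe in O'Brien stays inside a literal; it never reaches the SQL text.
    q = and_(eq("name", "O'Brien"), Fragment("age > ?", (18,)))
    print(q)
    print(run_where(q))
```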