[DB-SIG] db module wrapper
randall at tnr.cc
Fri Aug 20 22:59:27 CEST 2004
Ian Bicking wrote:
> Randall Smith wrote:
>> Assume that the first item in the list is always sql. Is that a valid
> It would be really easy to make mistakes that way. Or to compose
> statements. For instance, given two query fragments for a where clause,
> you might want to compose them like:
> new_query = ['('] + query1 + [') AND ('] + query2 + [')']
> But then you'd have to worry about how query1 and query2 were
> constructed, so that you concatenated the strings of any SQL
> expressions, but didn't concatenate to any literals.
> And there's a lot of even simpler mistakes that could be made, and the
> errors could be hard to find or cause security holes.
Your point is well taken. Anyhow, since it is simple to code, I'm going
to put it in as an extra. If passed only a list, the execute wrapper
will treat it as an alternating sql/param list that must begin with sql.
Nobody will be forced to use it, but it will be there and consistently
supported across all dbs since there is no db-specific functionality (a
nice benefit). If it proves to have some unavoidable dangerous
characteristic, I'll drop it.
On a separate topic, got any ideas on how to abstract exceptions? If
someone has already figured out an easy way to do this, I sure would
appreciate the knowledge.
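
Added example, not part of the original message and not code from either poster: it implements the alternating sql/param convention described above, shows how the composition Ian Bicking quotes shifts an untrusted literal into the SQL text, and contrasts it with a typed-fragment variant. The function names, the SQL marker class, the "?" placeholder style and the sample data are assumptions made for illustration.

```python
import sqlite3

def flatten_alternating(parts, placeholder="?"):
    """Positional convention from the thread: even index = SQL, odd = parameter."""
    sql, params = [], []
    for i, item in enumerate(parts):
        if i % 2 == 0:
            sql.append(str(item))
        else:
            sql.append(placeholder)
            params.append(item)
    return "".join(sql), tuple(params)

class SQL(str):
    """Hypothetical marker type: only SQL instances are emitted as statement text."""

def flatten_typed(parts, placeholder="?"):
    """The item's type decides its role, so list concatenation cannot shift it."""
    sql, params = [], []
    for item in parts:
        if isinstance(item, SQL):
            sql.append(item)
        else:
            sql.append(placeholder)
            params.append(item)
    return "".join(sql), tuple(params)

USER_VALUE = "x' OR '1'='1"  # constructed sample standing in for untrusted input

def compose_positional():
    query1 = ["name = ", USER_VALUE]
    query2 = ["role = ", "admin"]
    # The leading '(' moves every following item one position to the right,
    # so USER_VALUE lands on an even index and is emitted as SQL text.
    return flatten_alternating(['('] + query1 + [') AND ('] + query2 + [')'])

def compose_typed():
    query1 = [SQL("name = "), USER_VALUE]
    query2 = [SQL("role = "), "admin"]
    return flatten_typed([SQL('(')] + query1 + [SQL(') AND (')] + query2 + [SQL(')')])

def run_typed():
    db = sqlite3.connect(":memory:")  # constructed table and row
    db.execute("CREATE TABLE users (name TEXT, role TEXT)")
    db.execute("INSERT INTO users VALUES ('bob', 'admin')")
    sql, params = compose_typed()
    return db.execute("SELECT name FROM users WHERE " + sql, params).fetchall()

if __name__ == "__main__":
    print(compose_positional())
    print(compose_typed())
    print(run_typed())
```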