[DB-SIG] db module wrapper
Randall Smith
randall at tnr.cc
Fri Aug 20 22:59:27 CEST 2004

Ian Bicking wrote:
> Randall Smith wrote:
>
>> Assume that the first item in the list is always sql. Is that a valid
>> assumption?
>
>
> It would be really easy to make mistakes that way. Or to compose
> statements. For instance, given two query fragments for a where clause,
> you might want to compose them like:
>
> new_query = ['('] + query1 + [') AND ('] + query2 + [')']
>
> But then you'd have to worry about how query1 and query2 were
> constructed, so that you concatenated the strings of any SQL
> expressions, but didn't concatenate to any literals.
>
> And there's a lot of even simpler mistakes that could be made, and the
> errors could be hard to find or cause security holes.
>
Your point is well taken. Anyhow, since it is simple to code, I'm going
to put it in as an extra. If passed only a list, the execute wrapper
will treat it as an alternating sql/param list that must begin with sql.
Nobody will be forced to use it, but it will be there and consistently
supported across all dbs since there is no db-specific functionality (a
nice benefit). If it proves to have some unavoidable dangerous
characteristic, I'll drop it.

On a separate topic, got any ideas on how to abstract exceptions? If
someone has already figured out an easy way to do this, I sure would
appreciate the knowledge.

Randall
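
Added example, not part of the original message or of the wrapper it describes: a sketch of the composition hazard raised in the quoted reply, where prepending `'('` to an alternating sql/param list shifts every role so that a literal ends up in the SQL text. The names `render_alternating`, `render_tagged` and `Param` are hypothetical, the renderer is an assumption about how such a wrapper would behave, and `sqlite3` stands in for any DB-API module.

```python
import sqlite3

class Param:
    """Marks a value as a bound parameter; its role no longer depends on position."""
    def __init__(self, value):
        self.value = value

def render_alternating(parts):
    """Positional convention: even index is SQL text, odd index is a parameter."""
    sql, params = [], []
    for i, part in enumerate(parts):
        if i % 2 == 0:
            sql.append(str(part))
        else:
            sql.append("?")
            params.append(part)
    return "".join(sql), params

def render_tagged(parts):
    """Type-tagged convention: only Param instances become bound parameters."""
    sql, params = [], []
    for part in parts:
        if isinstance(part, Param):
            sql.append("?")
            params.append(part.value)
        else:
            sql.append(part)
    return "".join(sql), params

NAME = "O'Brien"  # constructed sample value

# Naive composition of two alternating fragments, as in the quoted example.
q1, q2 = ["name = ", NAME], ["age > ", 30]
BAD_SQL, BAD_PARAMS = render_alternating(["("] + q1 + [") AND ("] + q2 + [")"])
# The leading "(" shifts every role: NAME is now SQL text, "name = " is a parameter.

# The same composition with explicit markers keeps each role intact.
t1, t2 = ["name = ", Param(NAME)], ["age > ", Param(30)]
GOOD_SQL, GOOD_PARAMS = render_tagged(["("] + t1 + [") AND ("] + t2 + [")"])

def run_good():
    """Execute the tagged query against a constructed in-memory table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE people (name TEXT, age INTEGER)")
    db.executemany("INSERT INTO people VALUES (?, ?)", [(NAME, 41), ("Lee", 25)])
    return db.execute("SELECT name FROM people WHERE " + GOOD_SQL, GOOD_PARAMS).fetchall()
```

The composed alternating list still begins with SQL, so a "must begin with sql" check alone does not catch the shifted roles.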