jeremy_c
Joined: 09 Apr 2005 Posts: 16 Location: Ohio, USA
|
Posted: Tue Apr 26, 2005 10:13 am Post subject: Escape Functionality |
|
|
pragma wrote: |
escape sequences. Different database vendors have slightly different conventions on how to deal with embeded single-quotes and the like. I see a reference to an 'escape' function in your doc index, but shouldn't this be tied to the various db implementation classes instead?
Code:
Code: | db.queryFetchAll("select * from mytable where x = '" ~ db.escape(mystr) ~ "'"); |
|
Escape functionality exists in Statement.d, however, you are right this needs to be reworked into the Database class. The current functionality is sorta automatic and will remain that way for the Statement class and can probably be brought into other functions if they utilize the Statement class.
Here's how it works:
Code: |
Statement s = db.prepare("SELECT * FROM people WHERE name = ? AND age = ?");
s.bind(1, "John Mc'Donald");
s.bind(2, 25);
Result r = s.execute(); |
Bind is overloaded and when a char[] is sent to it, escape takes place. The escape that takes place, however, is not database dependent, therefore, an escape function needs to be added to the Database class that the Statement class could access.
Jeremy |
|