Ticket #22 (closed enhancement: fixed)

Opened 3 years ago

Last modified 11 months ago

interface for constructing SQL queries

Reported by: zork
Owned by: zork
Priority: major
Milestone: 1.4
Component: SQL interface
Version: devel
Keywords:
Cc:

Description

The goal is to provide a simple interface for constructing SQL queries, similar to printf, but resistant to SQL injection problems.

Something like this:

dba::query sql("INSERT INTO table VALUES (%s,%s,%s)");
sql << myvalue1 << myvalue2 << myvalue3;

operator<< would replace the first %s found with myvalue1. Based on the type of myvalueX, the replacement should add quotes and escape quotes found in the value or the "%" char found in LIKE statements.

For compatibility with object serialization, operator<< should accept StoreableFilter<T>-derived types to easily convert custom types to int or string SQL values.
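
A sketch of the behaviour described above, added here as an illustration; it is not the code from query.patch, r229 or r230. The sketch::query and like_literal names are hypothetical, and it assumes a backend with standard SQL quoting (embedded quotes are doubled); a backend that also treats backslash as an escape inside string literals needs its driver's own escaping routine.

```cpp
#include <stdexcept>
#include <string>
#include <utility>

namespace sketch {  // hypothetical names, not the dba library's API

// Wrap text that must match literally inside a LIKE pattern.
struct like_literal { std::string text; };

class query {
    std::string sql_;
    std::string::size_type pos_ = 0;  // scanning resumes here, past earlier values

    // Splice text over the next %s. Inserted text is never rescanned, so a
    // value that itself contains "%s" cannot capture a later value.
    query& bind(const std::string& text) {
        std::string::size_type at = sql_.find("%s", pos_);
        if (at == std::string::npos) throw std::out_of_range("no %s left");
        sql_.replace(at, 2, text);
        pos_ = at + text.size();
        return *this;
    }
    // Assumption: standard SQL literal, wrapped in quotes, embedded quotes doubled.
    static std::string quote(const std::string& v) {
        std::string out = "'";
        for (char c : v) { if (c == '\'') out += '\''; out += c; }
        return out + "'";
    }
public:
    explicit query(std::string fmt) : sql_(std::move(fmt)) {}
    query& operator<<(int v) { return bind(std::to_string(v)); }   // numbers: no quotes
    query& operator<<(long v) { return bind(std::to_string(v)); }
    query& operator<<(const std::string& v) { return bind(quote(v)); }
    query& operator<<(const char* v) { return bind(quote(v)); }
    // Escape LIKE wildcards; the statement must carry ESCAPE '\'.
    query& operator<<(const like_literal& v) {
        std::string out;
        for (char c : v.text) {
            if (c == '%' || c == '_' || c == '\\') out += '\\';
            out += c;
        }
        return bind(quote(out));
    }
    const std::string& str() const { return sql_; }
};

}  // namespace sketch
```

Tracking the scan position is the part the "replace first %s found" wording leaves open: restarting the search from the beginning on every operator<< would let a string value containing %s absorb the next value inside its own quotes.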

Attachments

query.patch (3.8 KB) - added by zork 2 years ago.
some work on API, not branched yet

Change History

Changed 2 years ago by zork

some work on API, not branched yet

Changed 11 months ago by zork

  • status changed from new to closed
  • resolution set to fixed

Implemented in r229 and r230
