Ticket #22 (new enhancement)

Opened 10 months ago

interface for constructing SQL queries

Reported by: zork Assigned to: zork
Priority: major Milestone: 1.4
Component: SQL interface Version: devel
Keywords: Cc:

Description

The goal is to provide a simple interface for constructing SQL queries, similar to printf but resistant to SQL injection problems.

Something like this:

dba::query sql("INSERT INTO table VALUES (%s,%s,%s)");
sql << myvalue1 << myvalue2 << myvalue3;

operator<< would replace the first %s found with myvalue1. Based on the type of myvalueX, the replacement should add quotes, escape quotes found in the value or the "%" char found in LIKE statements.

For compatibility with object serialization, operator<< should accept StoreableFilter<T>-derived types to easily convert custom types to int or string SQL values.
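
A sketch of the behaviour described above, added here as an example; it is not the code in query.patch or the library's API. The namespace sketch, the like_literal wrapper and str() are hypothetical names. It assumes standard SQL string literals (a quote is escaped by doubling it and backslash is not an escape character) and a LIKE clause that declares ESCAPE '\'; a real backend should use its driver's own escaping routine.

```cpp
#include <stdexcept>
#include <string>

namespace sketch {  // hypothetical namespace, not the library's dba::
// Marks a value as literal text to be matched inside a LIKE pattern.
struct like_literal { std::string text; };

class query {
public:
    explicit query(const std::string& fmt) : sql_(fmt) {}

    query& operator<<(int v) { return bind(std::to_string(v)); }
    query& operator<<(const std::string& v) { return bind(quote(v, false)); }
    query& operator<<(const char* v) { return bind(quote(v, false)); }
    query& operator<<(const like_literal& v) { return bind(quote(v.text, true)); }

    // Refuses to hand out a query that still has unbound placeholders.
    const std::string& str() const {
        if (sql_.find("%s", pos_) != std::string::npos)
            throw std::logic_error("unbound placeholder");
        return sql_;
    }

private:
    // Wraps in quotes and doubles '; for LIKE also escapes % _ and \.
    static std::string quote(const std::string& in, bool like) {
        std::string out = "'";
        for (char c : in) {
            if (c == '\'') out += '\'';
            if (like && (c == '%' || c == '_' || c == '\\')) out += '\\';
            out += c;
        }
        return out + "'";
    }

    // Replaces the next %s, then skips past the inserted text so a value containing "%s" is never rescanned.
    query& bind(const std::string& lit) {
        std::size_t at = sql_.find("%s", pos_);
        if (at == std::string::npos) throw std::out_of_range("too many values");
        sql_.replace(at, 2, lit);
        pos_ = at + lit.size();
        return *this;
    }

    std::string sql_;
    std::size_t pos_ = 0;
};
}  // namespace sketch
```

The cursor in bind() is the part a naive "replace first %s" loop gets wrong: without it, a bound value that itself contains %s would be overwritten by the next value.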

Attachments

query.patch (3.8 kB) - added by zork on 05/12/08 10:56:36.
some work on API, not branched yet

Change History

05/12/08 10:56:36 changed by zork

  • attachment query.patch added.

some work on API, not branched yet