[html5] r1062 - /

whatwg at whatwg.org whatwg at whatwg.org
Wed Oct 17 00:27:37 PDT 2007 

Author: ianh
Date: 2007-10-17 00:27:36 -0700 (Wed, 17 Oct 2007)
New Revision: 1062

Modified:
   index
   source
Log:
[e] (0) include a note as to an SQL example to include; add a note about rowsAffected and SELECT statements

Modified: index
===================================================================
--- index	2007-10-17 07:19:21 UTC (rev 1061)
+++ index	2007-10-17 07:27:36 UTC (rev 1062)
@@ -30201,7 +30201,15 @@
 
   <h4 id=introduction3><span class=secno>4.11.1. </span>Introduction</h4>
 
-  <p class=big-issue>...
+  <p class=big-issue>...</p>
+  <!-- include an example that does something like the following to show
+you should never embed strings straight into the statement, even when you
+have a variable and unknownable number of literals coming:
+   var q = "";
+   for each (var i in array)
+     q += (q == "" ? "" : ", ") + "?";
+   executeSql('SELECT rowid FROM t WHERE c IN (' + q + ')', array, ...);
+-->
 
   <h4 id=databases><span class=secno>4.11.2. </span>Databases</h4>
 
@@ -30460,7 +30468,8 @@
    title=dom-SQLResultSet-rowsAffected><code>rowsAffected</code></dfn>
    attribute must return the number of rows that were affected by the SQL
    statement. If the statement failed, or did not affected any rows, then the
-   attribute must return zero.
+   attribute must return zero. For "SELECT" statements, this returns zero
+   (querying the database doesn't affect any rows).
 
   <p>The <dfn id=errorcode
    title=dom-ResultSetSQL-errorCode><code>errorCode</code></dfn> DOM

Modified: source
===================================================================
--- source	2007-10-17 07:19:21 UTC (rev 1061)
+++ source	2007-10-17 07:27:36 UTC (rev 1062)
@@ -27794,6 +27794,15 @@
 
   <p class="big-issue">...</p>
 
+<!-- include an example that does something like the following to show
+you should never embed strings straight into the statement, even when you
+have a variable and unknownable number of literals coming:
+   var q = "";
+   for each (var i in array)
+     q += (q == "" ? "" : ", ") + "?";
+   executeSql('SELECT rowid FROM t WHERE c IN (' + q + ')', array, ...);
+-->
+
   <h4>Databases</h4>
 
   <p>Each <i>origin</i> has an associated set of databases. Each
@@ -28061,7 +28070,9 @@
   title="dom-SQLResultSet-rowsAffected"><code>rowsAffected</code></dfn>
   attribute must return the number of rows that were affected by the
   SQL statement. If the statement failed, or did not affected any
-  rows, then the attribute must return zero.</p>
+  rows, then the attribute must return zero. For "SELECT" statements,
+  this returns zero (querying the database doesn't affect any
+  rows).</p>
 
   <p>The <dfn
   title="dom-ResultSetSQL-errorCode"><code>errorCode</code></dfn> DOM

More information about the Commit-Watchers mailing list