[whatwg] Couple comments on Database storage spec.
Ian Hickson
ian at hixie.ch
Wed Oct 17 16:57:08 PDT 2007
On Thu, 18 Oct 2007, timeless wrote:
>
> could you simply require that all sql statements be of the form:
>
> "X = ?" instead of "X = 1"
>
> i.e., any attempt to not use parameterized expressions throws?
>
> I know it's possible to screw this up, but would it at least be hard
> enough?
Given that "?" can be used in place of any literal, that would make many
statements really obtuse. You couldn't even do things like "select ...
where count > 1" without taking the 1 out into parameters.
--
Ian Hickson
http://ln.hixie.ch/
Things that are impossible just take longer.
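As an added example (not code from this thread or from the Database storage spec), here is a JavaScript checker that implements the rule timeless proposes: a statement may contain "?" placeholders but no literals, otherwise it throws. Run on Ian's own example it shows the cost of the rule: "count > 1" is rejected exactly like "name = 'bob'", so the constant has to move into the argument array; the function names and the single-quote/decimal tokenizing are assumptions of this example, and the SQL strings are constructed inputs.

```javascript
// Scan SQL text and collect every string or decimal literal, skipping
// comments. Only "?" placeholders and identifiers pass untouched.
function findLiterals(sql) {
  const literals = [];
  let i = 0;
  while (i < sql.length) {
    const c = sql[i];
    // skip "--" line comments and "/* */" block comments
    if (c === '-' && sql[i + 1] === '-') {
      const end = sql.indexOf('\n', i);
      i = end === -1 ? sql.length : end + 1;
      continue;
    }
    if (c === '/' && sql[i + 1] === '*') {
      const end = sql.indexOf('*/', i + 2);
      i = end === -1 ? sql.length : end + 2;
      continue;
    }
    // single-quoted string literal; '' inside it is an escaped quote
    if (c === "'") {
      let j = i + 1;
      while (j < sql.length) {
        if (sql[j] === "'" && sql[j + 1] === "'") { j += 2; continue; }
        if (sql[j] === "'") break;
        j++;
      }
      literals.push(sql.slice(i, j + 1));
      i = j + 1;
      continue;
    }
    // decimal literal: a digit run not glued to an identifier such as "t1"
    if (/[0-9]/.test(c) && !/[A-Za-z_0-9]/.test(sql[i - 1] || '')) {
      let j = i;
      while (j < sql.length && /[0-9.]/.test(sql[j])) j++;
      literals.push(sql.slice(i, j));
      i = j;
      continue;
    }
    i++;
  }
  return literals;
}

// The proposed rule: throw unless every value is bound through "?", and
// the number of placeholders matches the number of supplied arguments.
function requireParameterized(sql, args) {
  const found = findLiterals(sql);
  if (found.length) throw new Error('literal not parameterized: ' + found.join(', '));
  const slots = (sql.match(/\?/g) || []).length;
  if (slots !== args.length) throw new Error(`expected ${slots} args, got ${args.length}`);
  return { sql, args };
}
```

Under this rule `requireParameterized("select * from t where count > 1", [])` throws, while the equivalent `requireParameterized("select * from t where count > ?", [1])` is accepted.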