[whatwg] Couple comments on Database storage spec.
ian at hixie.ch
Wed Oct 17 16:57:08 PDT 2007
On Thu, 18 Oct 2007, timeless wrote:
> could you simply require that all SQL statements be of the form:
> "X = ?" instead of "X = 1"
> i.e., any attempt to not use parameterized expressions throws?
> I know it's possible to screw this up, but would it at least be hard
Given that "?" can be used in place of any literal, that would make many
statements really obtuse. You couldn't even do things like "select ...
where count > 1" without taking the 1 out into parameters.
Ian Hickson U+1047E )\._.,--....,'``. fL
http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,.
Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
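The distinction the reply draws, user-supplied values bound through "?" while a fixed literal such as the 1 in "count > 1" stays inline, as an added example that is not part of the thread; it uses Python's stdlib sqlite3 (the same engine and "?" placeholder syntax the database storage spec's executeSql(sql, args) is modelled on) with a small constructed table, and shows why the parameterized form is the one worth requiring for data values.

```python
import sqlite3

# Constructed in-memory table standing in for the "select ... where count > 1" case.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (name TEXT, count INTEGER)")
    conn.executemany("INSERT INTO items VALUES (?, ?)",
                     [("apple", 3), ("pear", 1), ("plum", 5)])
    return conn

def find_unsafe(conn: sqlite3.Connection, name: str) -> list:
    # Weak form: the caller's value is spliced into the statement text, so a
    # quote inside it changes the statement's structure instead of its data.
    sql = "SELECT name FROM items WHERE name = '" + name + "' AND count > 1"
    return sorted(row[0] for row in conn.execute(sql))

def find_safe(conn: sqlite3.Connection, name: str) -> list:
    # Hardened form: the caller's value travels as a bound parameter and can
    # only ever be compared as a string.  The constant 1 in "count > 1" is not
    # user data, so it stays inline, exactly the case the reply above raises.
    sql = "SELECT name FROM items WHERE name = ? AND count > 1"
    return sorted(row[0] for row in conn.execute(sql, (name,)))

if __name__ == "__main__":
    db = make_db()
    hostile = "x' OR '1'='1"          # constructed sample input
    print("unsafe:", find_unsafe(db, hostile))   # structure altered: extra rows
    print("safe:  ", find_safe(db, hostile))     # treated as a name: no rows
```

Note that "?" binds data values only; table and column names cannot be parameterized, so those must come from an allow-list rather than from input.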