|
| From: | Glen Ditchfield |
| Subject: | Re: [Monotone-devel] [PATCH] New typesafe VA_ARGS replacement for database with operator % style |
| Date: | Tue, 24 Jan 2006 11:13:20 -0600 |
| User-agent: | KMail/1.9.1 |
On Tuesday 24 January 2006 02:13, Nathaniel Smith wrote:
> The new API is like:
> execute(query("DELETE FROM my_table WHERE attr = ?") % blob(foo));
Is there some code somewhere that escapes single-quotes? I've seen too many
bugs in other systems where the code sets up a query like
"SELECT stuff FROM my_table WHERE surname = '?' ")
and then some other code substitutes in "O'Toole" instead of "O''Toole".
| [Prev in Thread] | Current Thread | [Next in Thread] |