From: Glen Ditchfield
Subject: Re: [Monotone-devel] [PATCH] New typesafe VA_ARGS replacement for database with operator % style
Date: Tue, 24 Jan 2006 11:13:20 -0600
User-agent: KMail/1.9.1

On Tuesday 24 January 2006 02:13, Nathaniel Smith wrote:
> The new API is like:
> execute(query("DELETE FROM my_table WHERE attr = ?") % blob(foo));

Is there some code somewhere that escapes single-quotes? I've seen too many bugs in other systems where the code sets up a query like "SELECT stuff FROM my_table WHERE surname = '?' ") and then some other code substitutes in "O'Toole" instead of "O''Toole".
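
The difference the question turns on, as an added example that is not part of the original message or of monotone's code: Python's standard `sqlite3` module run against constructed data, contrasting textual substitution into a quoted `'?'` with a bound `?` parameter. The function names and table contents are assumptions made for illustration.

```python
import sqlite3

QUOTED = "SELECT stuff FROM my_table WHERE surname = '?'"   # '?' is only text here
BOUND = "SELECT stuff FROM my_table WHERE surname = ?"      # '?' is a parameter

def make_db():
    """In-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE my_table (surname TEXT, stuff TEXT)")
    db.executemany("INSERT INTO my_table VALUES (?, ?)",
                   [("O'Toole", "a"), ("Smith", "b")])
    return db

def run(db, sql, params=()):
    """Return the matching 'stuff' values, or the error class SQLite raised."""
    try:
        return [row[0] for row in db.execute(sql, params)]
    except sqlite3.Error as exc:
        return "error: " + type(exc).__name__

def lookup_substituted(db, surname):
    # The pattern from the message: the value is pasted into the SQL text as-is.
    return run(db, QUOTED.replace("?", surname))

def lookup_escaped(db, surname):
    # Same pattern, but every single quote is doubled first (O'Toole -> O''Toole).
    return run(db, QUOTED.replace("?", surname.replace("'", "''")))

def lookup_bound(db, surname):
    # The value travels separately from the SQL text, so no escaping is needed.
    return run(db, BOUND, (surname,))

def lookup_bound_into_quotes(db, surname):
    # A '?' inside quotes is a string literal: the statement has zero parameters,
    # so supplying one value is rejected instead of being substituted.
    return run(db, QUOTED, (surname,))

if __name__ == "__main__":
    db = make_db()
    for fn in (lookup_substituted, lookup_escaped,
               lookup_bound, lookup_bound_into_quotes):
        print(fn.__name__, "->", fn(db, "O'Toole"))
```
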