On 10/17/05, garaged garaged@gmail.com wrote:
Do you think it is cleaner or easier to understand to do prepared queries vs. correct quotation??
It is much cleaner to do (pseudo):

    q = "SELECT field1, field2 FROM table1 WHERE fieldX = :? AND fieldY = :?";
    statement = prepare(q);
    bind_outvalue(statement, 0, &field1, SQL_INT);
    bind_outvalue(statement, 1, &field2, SQL_BOOLEAN);
    bind_invalue(statement, 0, &fieldX, SQL_INT);
    bind_invalue(statement, 1, &fieldY, SQL_STRING);
    query(statement);
    print field1, field2;
rather than:

    if(!is_int(fieldX)) error;
    if(!is_string(fieldY)) error;
    q = "SELECT field1, field2 FROM table1 WHERE fieldX = " + fieldX + " AND fieldY = " + quote(fieldY);
    result = query(q);
    row = get_row(result);
    field1 = row[0];
    field2 = row[1];
    if(!is_int(field1))
You have to remember exactly the correct sequence of parameters for every query. I'm not that good with memory, but I might be one in a million.
Max
-- Christopher A. Watford christopher.watford@gmail.com http://dorm.tunkeymicket.com http://www.theroadtrip2005.com
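The two styles from the exchange above, written out as runnable Python against an in-memory SQLite table (an added example, not code from either poster). The table, column types and sample rows are constructed here to match the names in the pseudocode; the quote() helper is an assumption about what the thread's quote() does (double embedded single quotes). It also shows named placeholders, which the DB-API supports in SQLite and which answer the concern about remembering parameter order:

```python
import sqlite3

# Constructed sample data for this example; nothing here comes from the thread.
SAMPLE_ROWS = [
    # field1 (int), field2 (boolean stored as 0/1), fieldX (int), fieldY (string)
    (10, 1, 7, "O'Brien"),
    (11, 0, 7, "Smith"),
    (12, 1, 8, "O'Brien"),
]


def make_db():
    """Create an in-memory table1 with the column types implied by the pseudocode."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE table1 (field1 INTEGER, field2 INTEGER, fieldX INTEGER, fieldY TEXT)"
    )
    conn.executemany("INSERT INTO table1 VALUES (?, ?, ?, ?)", SAMPLE_ROWS)
    return conn


def query_prepared(conn, field_x, field_y):
    """Positional placeholders: the driver passes the values separately from the SQL text,
    so no quoting or type check is needed in application code."""
    sql = "SELECT field1, field2 FROM table1 WHERE fieldX = ? AND fieldY = ?"
    return conn.execute(sql, (field_x, field_y)).fetchall()


def query_named(conn, field_x, field_y):
    """Named placeholders: values are matched by name, so parameter order cannot be mixed up."""
    sql = "SELECT field1, field2 FROM table1 WHERE fieldX = :x AND fieldY = :y"
    return conn.execute(sql, {"x": field_x, "y": field_y}).fetchall()


def quote(value):
    """Hand-rolled quoting for the concatenation style (assumed behaviour of the thread's
    quote()): wrap in single quotes and double any embedded single quote. Every string
    field must go through this, every time, or the statement is malformed."""
    return "'" + str(value).replace("'", "''") + "'"


def query_concat(conn, field_x, field_y, use_quote=True):
    """String-building style from the thread: the caller must validate field_x is an int
    and must remember quote() for field_y. use_quote=False models a forgotten quote() call."""
    if not isinstance(field_x, int):
        raise TypeError("fieldX must be an int")
    y_literal = quote(field_y) if use_quote else "'" + str(field_y) + "'"
    sql = (
        "SELECT field1, field2 FROM table1 WHERE fieldX = "
        + str(field_x)
        + " AND fieldY = "
        + y_literal
    )
    return conn.execute(sql).fetchall()


def concat_without_quote_fails(conn, field_x, field_y):
    """True if concatenating field_y without quote() yields a statement SQLite rejects."""
    try:
        query_concat(conn, field_x, field_y, use_quote=False)
    except sqlite3.OperationalError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    print(query_prepared(db, 7, "O'Brien"))          # [(10, 1)]
    print(query_named(db, 7, "O'Brien"))             # [(10, 1)]
    print(query_concat(db, 7, "O'Brien"))            # [(10, 1)] only because quote() was called
    print(concat_without_quote_fails(db, 7, "O'Brien"))  # True
```

The value with an embedded apostrophe is the point: the parameterised versions return the matching row without any application-side escaping, the concatenated version returns it only while every call site remembers quote(), and one forgotten call produces a broken statement (or, with other inputs, a statement that means something other than the author intended).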