Re: [gnome-db] API Break Request for gda_insert_row_into_table

["Daniel Espinosa" <esodan gmail com>]

2008/12/23 Vivien Malerba <vmalerba gmail com>

2008/12/21 Daniel Espinosa <esodan gmail com>

Hi all

I'm working in gda_insert_row_into_table but have some troubles:

I'm creating the SQL usin GdaSqlStatement structs, with success but strings are renderer with out quotes ("") can any help me to know how can I do this to work.

I'm adding a GdaSqlExpr to values GList in the GdaSqlStatementInsert, when render the GdaSqlStatement I get:

 INTO test (q, number, a) VALUES (NEW TEXT, 1000, NUEVO NOMBRE)

it is an invalid SQL, how can I get quoted strings. This must be

 INTO test (q, number, a) VALUES ('NEW TEXT', 1000, 'NUEVO NOMBRE')

for a PostgreSQL database.

It's up to you to add quotes where they are needed (because the GdaSqlStatement is just a tree representation of an SQL statement). Anyway, what you should do is use GdaSqlParamSpec (which are variables or parameters), this will have the following benefits:
* avoid you the job of adding quotes when needed
* avoid any SQL injection problems
 

Coul you help me on how create a GdaSqlParamSpec?


As Far As I Undertand for the code in gda_sql_param_spec_new (GValue *value), the value paramenter must be a string with the following syntax:

"PARAM_NAME:G_TYPE_INT:N"


As a collateral efect all functions in sql-parser directory doesn't have any documentation, then may is time to work on them, I'll try to help on them.
-- 
Trabajar, la mejor arma para tu superación
"de grano en grano, se hace la arena" (R) (en trámite, pero para los cuates: LIBRE)