Re: [gnome-db] API Break Request for gda_insert_row_into_table

["Vivien Malerba" <vmalerba gmail com>]

2008/12/24 Daniel Espinosa <esodan gmail com>

2008/12/23 Vivien Malerba <vmalerba gmail com>

2008/12/21 Daniel Espinosa <esodan gmail com>

Hi all

I'm working in gda_insert_row_into_table but have some troubles:

I'm creating the SQL usin GdaSqlStatement structs, with success but strings are renderer with out quotes ("") can any help me to know how can I do this to work.

I'm adding a GdaSqlExpr to values GList in the GdaSqlStatementInsert, when render the GdaSqlStatement I get:

 INTO test (q, number, a) VALUES (NEW TEXT, 1000, NUEVO NOMBRE)

it is an invalid SQL, how can I get quoted strings. This must be

 INTO test (q, number, a) VALUES ('NEW TEXT', 1000, 'NUEVO NOMBRE')

for a PostgreSQL database.

It's up to you to add quotes where they are needed (because the GdaSqlStatement is just a tree representation of an SQL statement). Anyway, what you should do is use GdaSqlParamSpec (which are variables or parameters), this will have the following benefits:
* avoid you the job of adding quotes when needed
* avoid any SQL injection problems
 

Coul you help me on how create a GdaSqlParamSpec?


As Far As I Undertand for the code in gda_sql_param_spec_new (GValue *value), the value paramenter must be a string with the following syntax:

"PARAM_NAME:G_TYPE_INT:N"


As a collateral efect all functions in sql-parser directory doesn't have any documentation, then may is time to work on them, I'll try to help on them.

This API is the one exposed from the SQL parser, but as simple structures are used, they can be created using g_new() as well. This is what is done in the rest of Libgda. For examples, see the gda_compute_unique_table_row_condition() function in the gda-util.c file.

For a real "user" level API I had the idea that maybe we could create an API similar to SQLBuilder (http://openhms.sourceforge.net/sqlbuilder/), but I haven't yet had the time to investigate...

Regards,

Vivien