login signup
Named vs numbered SQL parameters Lassi Kortela (18 Sep 2019 08:48 UTC)
Re: Named vs numbered SQL parameters Peter Bex (18 Sep 2019 09:13 UTC)
Re: Named vs numbered SQL parameters Lassi Kortela (18 Sep 2019 09:35 UTC)
Re: Named vs numbered SQL parameters Peter Bex (18 Sep 2019 09:49 UTC)
Re: Named vs numbered SQL parameters Lassi Kortela (18 Sep 2019 10:10 UTC)
Re: Named vs numbered SQL parameters Peter Bex (18 Sep 2019 10:16 UTC)
Re: Named vs numbered SQL parameters Lassi Kortela (18 Sep 2019 10:30 UTC)
Re: Named vs numbered SQL parameters Peter Bex (18 Sep 2019 10:38 UTC)
Re: Named vs numbered SQL parameters Lassi Kortela (18 Sep 2019 10:50 UTC)
Re: Named vs numbered SQL parameters Alaric Snell-Pym (18 Sep 2019 10:39 UTC)
Re: Named vs numbered SQL parameters Lassi Kortela (19 Sep 2019 14:20 UTC)
Re: Named vs numbered SQL parameters Peter Bex (19 Sep 2019 14:53 UTC)
Re: Named vs numbered SQL parameters Alaric Snell-Pym (19 Sep 2019 16:05 UTC)
Re: Named vs numbered SQL parameters John Cowan (18 Sep 2019 22:36 UTC)
Re: Named vs numbered SQL parameters Peter Bex (19 Sep 2019 07:20 UTC)
Re: Named vs numbered SQL parameters John Cowan (19 Sep 2019 13:54 UTC)
Re: Named vs numbered SQL parameters Peter Bex (19 Sep 2019 14:04 UTC)
Re: Named vs numbered SQL parameters Lassi Kortela (19 Sep 2019 14:07 UTC)
Re: Named vs numbered SQL parameters Peter Bex (19 Sep 2019 14:19 UTC)
Re: Named vs numbered SQL parameters Lassi Kortela (19 Sep 2019 14:28 UTC)
Re: Named vs numbered SQL parameters Alaric Snell-Pym (19 Sep 2019 16:00 UTC)
Re: Named vs numbered SQL parameters Lassi Kortela 19 Sep 2019 14:20 UTC 
> Oh yes. I've had maintain an SQL parser. :-|

Wow. That kind of experience can change one's perspective on a lot of
(hopefully just programming-related) things.

> Here's an ugly but safe option to consider - pass in the query as a list
> of strings and symbols, where the symbols are to be replaced by
> appropriate DB-specific magic and the strings stitched together around them:
>
> (sql-execute '("INSERT INTO foo VALUES(" myval1 ", " myval2 ")")
>               '((:myval1 . 1) (:myval2 . 2)))

This may actually be my favorite suggestion so far. The high-level DSL
would hide all this stuff anyway for most code, so I don't think
breaking the SQL string into parts like that is too ugly.

> But I always prefer the SSQL approach to this of just shoving scheme
> values in using quasiquoting:
>
> (sql-execute `(insert (into foo)
>                        (values #(,myval1 ,myval2)))

This is definitely the way to go for most code, but I think we are in
agreement that it belongs in a high-level DSL, and we need to figure out
some arrangement for how to pass parameters to the DB driver at the low
level.