[Qt-interest] QSqlQuery and escaping
Andre Somers
andre at familiesomers.nl
Thu Dec 2 07:09:19 CET 2010
On 2-12-2010 6:44, Jeffery MacEachern wrote:
> In this[0] documentation page, under the placeholder/binding section, it states
>
> "Besides performance, one advantage of placeholders is that you can
> easily specify arbitrary values without having to worry about escaping
> special characters."
>
> Am I understanding correctly that it will automagically take care of
> proper escaping without any additional code? Are there any details on
> how this is handled?
AFAIK, there are two mechanisms in place.
The first and most important is that some drivers support placeholders
themselves. That means that the driver actually gets the SQL string
including the placeholders, and a blob of binary data with a predefined
format. That makes escaping in string formats unneeded. The second
mechanism that works for drivers that don't support this feature and in
case you are not using placeholders, is a part of the Qt driver.
QSqlDriver contains a method formatValue() that takes care of creating a
string representation that is escaped.
You should check the implementation of the Qt SQL drivers to make sure,
but this is my understanding of the topic.
André
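
The two mechanisms described in the reply above, as an added example that is not part of the original post and is not Qt code. It uses Python's `sqlite3` module as a stand-in for a driver with native placeholder support, and a hypothetical `format_value()` helper as a simplified analogue of client-side literal formatting; the table and sample inputs are constructed.

```python
import sqlite3

def format_value(value):
    """Hypothetical stand-in for client-side literal formatting (the role the
    reply ascribes to QSqlDriver::formatValue()); not Qt's implementation."""
    if value is None:
        return "NULL"
    if isinstance(value, bool):
        return str(int(value))
    if isinstance(value, (int, float)):
        return repr(value)
    # SQL string literal: wrap in single quotes, double any embedded quote.
    return "'" + str(value).replace("'", "''") + "'"

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "admin"), ("o'brien", "user")])
    return db

def lookup_bound(db, name):
    # Mechanism 1: SQL text and value reach the driver separately,
    # so the value is never parsed as SQL and needs no escaping.
    return db.execute("SELECT name FROM users WHERE name = ?", (name,)).fetchall()

def lookup_formatted(db, name):
    # Mechanism 2: the value is rendered as an escaped literal, then spliced in.
    sql = "SELECT name FROM users WHERE name = " + format_value(name)
    return db.execute(sql).fetchall()

def lookup_concatenated(db, name):
    # Neither mechanism: raw concatenation, kept only as the contrast case.
    return db.execute("SELECT name FROM users WHERE name = '" + name + "'").fetchall()

# Constructed sample inputs: a legitimate name with a quote, and a value
# that changes the query's meaning if it is parsed as SQL.
QUOTED = "o'brien"
HOSTILE = "x' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    for fn in (lookup_bound, lookup_formatted):
        print(fn.__name__, fn(db, QUOTED), fn(db, HOSTILE))
    print("lookup_concatenated", lookup_concatenated(db, HOSTILE))
```

With raw concatenation the quoted name is a syntax error and the second input matches every row; both of the other paths treat each input as a plain value.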