[Qt-interest] QSqlQuery and escaping
Jeffery MacEachern
j.maceachern at gmail.com
Thu Dec 2 07:12:22 CET 2010
On Wed, Dec 1, 2010 at 22:09, Andre Somers <andre at familiesomers.nl> wrote:
> On 2-12-2010 6:44, Jeffery MacEachern wrote:
>> In this[0] documentation page, under the placeholder/binding section, it states
>>
>> "Besides performance, one advantage of placeholders is that you can
>> easily specify arbitrary values without having to worry about escaping
>> special characters."
>>
>> Am I understanding correctly that it will automagically take care of
>> proper escaping without any additional code? Are there any details on
>> how this is handled?
> AFAIK, there are two mechanisms in place.
> The first and most important is that some drivers support placeholders
> themselves. That means that the driver actually gets the SQL string
> including the placeholders, and a blob of binary data with a predefined
> format. That makes escaping in string formats unneeded. The second
> mechanism that works for drivers that don't support this feature and in
> case you are not using placeholders, is a part of the Qt driver.
> QSqlDriver contains a method formatValue() that takes care of creating a
> string representation that is escaped.
>
> You should check the implementation of the Qt SQL drivers to make sure,
> but this is my understanding of the topic.
Alright, so just to clarify, if the database has native support,
escaping is unnecessary, and if it doesn't, it relies on the driver
developers doing things the Right Way?
Cheers,
- Jeffery MacEachern
> André
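
The two mechanisms discussed in this thread, as an added example that is not part of the original messages and is not Qt's code: it uses Python's `sqlite3` module in place of QSqlQuery, and `format_value` is a hypothetical stand-in for the role the thread attributes to `QSqlDriver::formatValue()`. The sample values are constructed.

```python
import sqlite3

# Constructed sample values with characters that matter inside an SQL string literal.
SAMPLES = ["O'Brien", 'say "hi"', "50% off; -- note", "back\\slash"]

def format_value(value):
    """Hypothetical client-side fallback: render a value as an escaped SQL literal."""
    # Assumption: SQL-standard quoting (double each single quote). A real driver
    # must apply the quoting rules of its own database.
    if value is None:
        return "NULL"
    if isinstance(value, (int, float)) and not isinstance(value, bool):
        return repr(value)
    return "'" + str(value).replace("'", "''") + "'"

def roundtrip_bound(conn, value):
    """Mechanism 1: statement text and value reach the database separately."""
    conn.execute("DELETE FROM t")
    conn.execute("INSERT INTO t (name) VALUES (?)", (value,))
    return conn.execute("SELECT name FROM t").fetchone()[0]

def roundtrip_formatted(conn, value):
    """Mechanism 2: the value is escaped, then spliced into the statement text."""
    conn.execute("DELETE FROM t")
    conn.execute("INSERT INTO t (name) VALUES (" + format_value(value) + ")")
    return conn.execute("SELECT name FROM t").fetchone()[0]

def roundtrip_unescaped(conn, value):
    """No escaping: quote characters in the value are parsed as SQL syntax."""
    conn.execute("DELETE FROM t")
    try:
        conn.execute("INSERT INTO t (name) VALUES ('" + value + "')")
    except sqlite3.Error as exc:
        return "error: " + type(exc).__name__
    return conn.execute("SELECT name FROM t").fetchone()[0]

def demo():
    """Return (input, bound, formatted, unescaped) results for every sample."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE t (name TEXT)")
    return [(v, roundtrip_bound(conn, v), roundtrip_formatted(conn, v),
             roundtrip_unescaped(conn, v)) for v in SAMPLES]

if __name__ == "__main__":
    for row in demo():
        print(row)
```

Both the bound and the formatted path store every sample unchanged; only the unescaped path fails on the value containing a single quote.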