From: Jorge Lodos (lodos_at_[hidden])
Date: 2006-04-17 15:39:30
> > Slightly offtopic, but what about something like:
> >
> > using std::sql::select;
> > using std::sql::from;
> >
> > auto query = select >> value >> from >> numbers;
> > typedef decltype(query)::tuple_type tuple_type;
> >
> > sql::rowset<tuple_type> rows(query,db); ...
> >
> > or maybe a more generic relational syntax...
>
> I was thinking exactly about something like this. An
> xpressive/spirit-like way of writing SQL. It should be faster
> too, I guess.
>
This has the additional advantage of generating code less prone to SQL
injection attacks, since there is no need to concatenate strings. The
library itself could check that parameters are used as such and not as a
means to inject SQL commands.
Best regards
Jorge
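
The point made in this message, as an added example that is not part of the original post or of any Boost library: a small expression-style query builder in which values can only become bound parameters and identifiers are validated before they reach the SQL text. The names `Column`, `Predicate`, `Query`, `ident` and `select_from` are hypothetical, and the input string is constructed for the demonstration.

```cpp
#include <cctype>
#include <iostream>
#include <stdexcept>
#include <string>
#include <vector>

// Hypothetical mini-DSL for illustration; none of these names come from Boost.
struct Column { std::string name; };
struct Predicate { std::string sql; std::vector<std::string> params; };
struct Query { std::string sql; std::vector<std::string> params; };

// Identifiers are the only caller-supplied text that reaches the SQL string,
// so they must match [A-Za-z_][A-Za-z0-9_]* or the query is rejected.
inline std::string ident(const std::string& s) {
    if (s.empty() || std::isdigit(static_cast<unsigned char>(s[0])))
        throw std::invalid_argument("bad identifier");
    for (unsigned char c : s)
        if (!std::isalnum(c) && c != '_')
            throw std::invalid_argument("bad identifier");
    return s;
}

// column == value: the value is stored as a bound parameter and only a
// "?" placeholder is written into the SQL text.
inline Predicate operator==(const Column& c, const std::string& v) {
    return Predicate{ident(c.name) + " = ?", {v}};
}

// Combine predicates, keeping parameters in placeholder order.
inline Predicate operator&&(Predicate a, const Predicate& b) {
    a.sql = "(" + a.sql + " AND " + b.sql + ")";
    a.params.insert(a.params.end(), b.params.begin(), b.params.end());
    return a;
}

inline Query select_from(const Column& col, const std::string& table,
                         const Predicate& where) {
    return Query{"SELECT " + ident(col.name) + " FROM " + ident(table) +
                 " WHERE " + where.sql, where.params};
}

int main() {
    Column value{"value"}, owner{"owner"};
    // Constructed hostile input: it stays data, never SQL text.
    Query q = select_from(value, "numbers", owner == std::string("x' OR '1'='1"));
    std::cout << q.sql << "\n" << q.params[0] << "\n";
}
```

The resulting `sql` and `params` would be handed to the database driver's prepared-statement interface, which is what keeps the value out of the parser.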
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk