Subject: Re: [boost] sqlpp11: SQL for C++
From: Roland Bock (rbock_at_[hidden])
Date: 2013-11-13 00:24:00


On 2013-11-13 00:48, Gavin Lambert wrote:
> On 13/11/2013 02:17, Quoth Roland Bock:
>> Thanks for the input. Prepared queries are in fact not supported. I'll
>> read up on them and report back.
>
> In SQL Server, queries are automatically "prepared" as long as you
> execute the same SQL statement as previously (so the only variations
> are in the parameter values).
That would be perfect, of course.
>
> Provided that you do value insertion via actual parameters (either
> named or positional, depending on the target SQL dialect) and not via
> directly inserting constants into the SQL query itself, it should be
> fairly straightforward to extend to a dialect that requires explicit
> preparing; you'd just need to provide a syntax that allows you to
> cache a query object in a variable and then execute it multiple times
> with different actual values. (Using parameters is also preferred
> over direct insertion because it lessens the risk of script injection.)
>
That should be relatively easy to do (and if you encapsulate the query
generation in a parametrized function it is already there).

Thanks and regards,

Roland
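
Added example, not part of either poster's message and not sqlpp11 code: the difference between bound parameters and direct insertion discussed in this thread, shown with Python's standard sqlite3 module as a stand-in database. The table, sample names and helper functions are constructed for illustration.

```python
import sqlite3

# One fixed statement text; only the bound value varies between executions,
# so an engine that caches plans by SQL text can reuse it every time.
FIND_BY_NAME = "SELECT id, name FROM users WHERE name = ?"

def make_db():
    """In-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users (name) VALUES (?)",
                     [("alice",), ("bob",), ("carol",)])
    return conn

def inlined_sql(name):
    """Direct insertion: the value becomes part of the statement text."""
    return "SELECT id, name FROM users WHERE name = '" + name + "'"

def find_parameterized(conn, name):
    """The value travels as a bound parameter and is never parsed as SQL."""
    return conn.execute(FIND_BY_NAME, (name,)).fetchall()

def find_inlined(conn, name):
    """Kept deliberately unsafe to show what direct insertion does."""
    return conn.execute(inlined_sql(name)).fetchall()

def distinct_statement_texts(names):
    """How many different SQL texts each approach sends for these values."""
    parameterized = {FIND_BY_NAME for _ in names}
    inlined = {inlined_sql(n) for n in names}
    return len(parameterized), len(inlined)

if __name__ == "__main__":
    conn = make_db()
    crafted = "nobody' OR '1'='1"          # constructed input containing a quote
    print(find_parameterized(conn, "bob"))   # ordinary lookup
    print(find_parameterized(conn, crafted)) # compared as a literal string
    print(find_inlined(conn, crafted))       # quote rewrites the WHERE clause
    print(distinct_statement_texts(["alice", "bob", "carol"]))
    try:
        find_inlined(conn, "O'Brien")        # harmless value, broken statement
    except sqlite3.OperationalError as exc:
        print("inlined query failed:", exc)
```
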


Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk