Forums before death by AOL, social media and spammers... "We can't have nice things"
| comp.os.vms | DEC's VAX* line of computers & VMS. | 264,096 messages |
[ << oldest | < older | list | newer > | newest >> ]
| Message 262,819 of 264,096 |
| Lawrence D'Oliveiro to you want to |
| Re: VMS x86-64 database server |
| 10 Jul 25 01:33:08 |
From: ldo@nz.invalid
On Wed, 9 Jul 2025 20:04:34 -0400, Arne Vajhøj wrote:
> I would write your code a little simpler:
I notice you didn’t try to offer alternatives to the wildcard and
identifier escaping.
> def dump_range(con, vals):
> jvals = ",".join(q(esc(val)) for val in vals)
> c = con.cursor()
> c.execute(f"SELECT f1,f2 FROM t1 WHERE f2 IN ({jvals})")
> for row in c.fetchall():
> print('%d %s' % (row[0], row[1]))
Instead of using my sql_string_list() function everywhere it’s needed,
you want to write out the full expression at every point?
> But dynamic SQL with dynamic data is still bad.
Is it bad to offer users dynamic query capabilities?
Here’s some code I wrote back in Python-2 days (MySQL-specific):
# collect list of items matching specified search criteria
condition = \
(
list
( # free-text fields
"%(name)s like %(value)s"
%
{
"name" : field[0],
"value" :
SQLString("%" + EscapeSQLWild(Params
getvalue(field[1])) + "%"),
}
for field in
(
("make", "search_make"),
("model", "search_model"),
("details", "search_details"),
("serial_nr", "search_serial"),
("inventory_nr", "search_invent"),
)
if Params.getvalue(field[1]) != ""
)
+
list
( # exact-match fields
"%(name)s = %(value)s"
%
{
"name" : field[0],
"value" : SQLString(Params.getvalue(field[1])),
}
for field in
(
("class_name", "search_class"),
("allocation", "search_allocated"),
("location_name", "search_location"),
)
if Params.getvalue(field[1]) != ""
)
+
list
( # date fields
"("
+
" or ".join
(
"%(name)s %(op)s %(value)s"
%
{
"name" : field[0],
"op" : op[0],
"value" : SQLString(Params.getvalue(field[1])),
}
for op in
(
("<", "lt"),
("=", "eq"),
(">", "gt"),
)
if GetCheckbox("%(name)s[%(op)s]" % {"name" :
field[1], "op" : op[1]})
)
+
")"
for field in
(
("when_purchased", "search_when_purchased"),
("warranty_expiry", "search_warranty_expiry"),
)
if reduce
(
operator.__or__,
(
GetCheckbox("%(name)s[%(op)s]" % {"name" :
field[1], "op" : op})
for op in ("lt", "eq", "gt")
)
)
)
)
condition = " and ".join(condition)
used as
select «fields» from «table» where «condition»
Let’s see your EXEC SQL cope with that ...
--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)
|
(c) 1994, bbs@darkrealms.ca