Hello all,<div><br></div><div>To give you an update on what is happening, I think I will have something to post tomorrow or the next day. I did diverge from the Object Model discussed, but that was because I couldn't quite figure out where Hans was outputting the result sets. It also may turn out to be a good thing, as it makes it possible to create the Server Object in any window, and the query objects can be in any other window, and they will still connect up (without patching). I like this as each query object can be isolated within its own subpatch, and you don't have to build additional objects just to connect to the server.
</div><div><br class="webkit-block-placeholder"></div><div>So, I have not quite implemented the Placeholder version of inputting the SQL, and from reading some more about SQL injection, it sounds like it would be a good idea if we were to have these inlets created using the specific type of data to be inserted. This is also probably going to be required, as the database packages require the binding of a particular data type into these placeholders. So, we are going to need a means of defining these types at creation time.
</div><div><br class="webkit-block-placeholder"></div><div><br class="webkit-block-placeholder"></div><div>[query <srv_id> insert into mytable (id, name, token) values (?f,'?s','?s')]</div><div><br class="webkit-block-placeholder">
</div><div>In this example, the first placeholder would expect a Float, with the next two expecting a Symbol (just think of this as a variation on the printf string substitutions). I am not quite sure if I remember correctly, but it sounded like Hans wants to set these inlets to be list inlets, but considering that the databases need to know the specific data types for each placeholder, I don't think this would be practical.
</div><div><br class="webkit-block-placeholder"></div><div>Also, as the servers I have looked at so far, would expect this string in the form of</div><div><br class="webkit-block-placeholder"></div><div>"insert into mytable (id, name, token) values (?, '?', '?')"
</div><div><br class="webkit-block-placeholder"></div><div>The external would be required to strip out the data type character.</div><div><br class="webkit-block-placeholder"></div><div>Also, from reading these things ( <a href="http://en.wikipedia.org/wiki/SQL_injection">
http://en.wikipedia.org/wiki/SQL_injection</a> ), it was stated that most database engines only allow the sending of a single SQL statement. This is done so that SQL injection can't be used to create additional statements that are embedded within a Placeholder replacement. So, this means that I won't get my multiple statement buffer. (Also, from some tests that I have done, there doesn't have to be a ';' terminating the statement, as the server appears to assume these things.
</div><div><br class="webkit-block-placeholder"></div><div>Ok, so I am a little all over the board on this, but if you could focus on the stuff on the Placeholder things, as that is pretty much still to be implemented, that would be great.
</div><div><br class="webkit-block-placeholder"></div><div><br class="webkit-block-placeholder"></div><div>Thanks,</div><div><br class="webkit-block-placeholder"></div><div>Mike</div>