[PD-dev] [-SPAM-] [PD] SQL wrappers

[Jamie Bullock]

Hi Hans,

I've moved this thread to the dev list.

On Mon, 2007-12-10 at 15:29 -0500, Hans-Christoph Steiner wrote:
> I was just doing some research on SQL placeholders and I got an idea  
> from this Python library for SQL:
> 
> http://www.aminus.net/geniusql/wiki/SQLInjection
> 
> Basically, if there are standard SQL interfaces to the various SQL  
> database objects, then we can make some support objects that generate  
> SQL queries from inlets.  I can't really think of a way to make this  
> very flexible off the top of my head, but I wanted to throw it out  
> there.
> 
> Then there could also be an object like Matju describes that you  
> write the SQL in the object box as arguments, and it would  
> automatically interpret the ? as placeholders and create inlets for  
> them.  The inlets would either have to be symbol inlets (numbers can  
> be symbols but strings can be floats) or proxy inlets.
> 
> [sql SELECT "ID" FROM "Animal" WHERE ("Animal"."Species" = 'Ape' or  
> 1=1 or '')]

I've been thinking along these lines also. In this pd-sql rethink, there
are two things that come out for me:

i) We should support the 'query as an argument to the object with
placeholders' syntax, AND the 'query passed to an inlet as a message'
syntax. 

ii) We should modularise the functionality of these objects at least
into db.conn and db.query type objects, maybe more. (I know you
suggested this ages ago!)

The design is getting better, the implementation is getting more
tricky ;-)

Jamie


-- 
www.postlude.co.uk