17 Apr
2006
17 Apr
'06
7:39 p.m.
Slightly offtopic, but what about something like:
using std::sql::select; using std::sql::from;
auto query = select >> value >> from >> numbers; typedef decltype(query)::tuple_type tuple_type;
sql::rowset<tuple_type> rows(query,db); ...
or maybe a more generic reational syntax...
I was thinking exactly about something like this. A xpressive/spirit-like way of writing SQL. It should be faster too, I guess.
This has the additional advantage of generating code less prone to SQL injection attacks, since there is no need to concatenate strings. The library itself could check that parameters are used as such and not as a mean to inject SQL commands. Best regards Jorge