2

我不喜欢依赖位置参数,可以使用HDBC吗?

我可以看到传递[(String, SqlValue)]而不是作为参数传递给这个包[SqlValue]的各种执行函数。

简而言之,我宁愿

select 
  t.f1
  , t.f2
  , t.f3
from
  schema.table t
where
 t.f1 > @param1
 and t.f2 < @param2


select 
  t.f1
  , t.f2
  , t.f3
from
  schema.table t
where
 t.f1 > ?
 and t.f2 < ?
4

1 回答 1

1

Not with hdbc directly but i do it with the help of the shakespeare-text package:

quickQuery cn (T.unpack
                 [st|select bar, baz, foo
                       from table1 r
                      inner join location l on r.locat_id = l.location_id
                      where r.record_id = #{pageIdxId page}
                        and foo > #{var1 + var2}
                      order by 1|]) []

Notice haskell variables and expressions in #{} placeholders.

be careful with string splicing though.

use sql escaping function with string values. 

sqlEscape :: Text -> Text
sqlEscape = T.replace "'" "''"

then 

[st|update foo set bar = '#{sqlEscape someString}' where recid = #{myRecId}|]

Or if you are up to the task, you can take the shakespeare-text library and add a small change to it to automatically escape all isString types.

于 2013-10-15T19:29:02.680 回答