Guenther,
> what's the trick for wrapping SQL statements with escape characters?
Getting good documentation; the difficulty of that step will vary with
the vendor of the DBMS (three guesses...). If you care about
portability, you will need to have an abstraction of DBMS and dispatch
your escaping through it. Singletons should work well.
When the rules are clear and assuming you reliably dispatch through the
correct DBMS representative, then there really isn't much of a trick.
You can probably get around it entirely by preparing statements, but I
have been disappointed with the resulting speed improvements. It is
faster than sending "raw" SQL, but not much more than 2x in my
experience, and that comes at a cost of complexity and memory. Note
that you can get burned (e.g. have all records deleted from important
tables, etc.) by malicious SQL, so if you escape yourself, you need to
get it right.
Have a good one,
Bill
--
Wilhelm K. Schwab, Ph.D.
[hidden email]
Locked
