Uploaded image for project: 'Alloy'
  1. Alloy
  2. ALOY-535

Need support for prepared statements

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: High
    • Resolution: Fixed
    • Affects Version/s: Alloy 1.0.3
    • Fix Version/s: Alloy 1.1.0, 2013 Sprint 05
    • Component/s: Runtime
    • Labels:
    • Environment:

      All environments

      Description

      update (2/25/2013)

      The new syntax will be, allowing for the existing syntax as well as allowing for a prepared statement to be defined with an object.

      // plain query
      collection.fetch({
          query: 'select * from some_table where column1 = "somevalue"'
      });
       
      // prepared statement
      collection.fetch({
          query: {
              statement: 'select * from some_table where column1 = ?',
              params: [values]
          }
      });
      

      original

      Currently there is no support for prepared statements. The only way to make an SQL statement with parameters is to have code insert the parameters. This is a security risk, a bad practice, and reflects poorly on Alloy models as a whole.

      Currently I have to:

      collection.fetch({query: "select * from some_table where column1 = '" + value + "'");

      Ideally I would like to:

      collection.fetch(

      {query: "select * from some_table where column1 = ?" + params: [value]}

      );

      Assuming this uses the Ti.Database.execute() in the background, this should be a small change as the execute() method already supports this.

        Attachments

          Activity

            People

            • Assignee:
              tlukasavage Tony Lukasavage
              Reporter:
              twilkinson Thomas Wilkinson
            • Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Backbone Issue Sync

                • Backbone Issue Sync is enabled for your project, but we do not have any synchronization info for this issue.

                  Git Integration