On Wed, Jul 31, 2013 at 05:28:02PM +0600, Alexey Uimanov wrote:
> The rationale is that the low-level database interface accepts parameters
> directly instead of inserting them inside the query manually.
[...]
> Low-level database interface knows better how to work with parameters, so
> the driver must pass them to it instead of parameters substitution.

Letting the low-level database interface (I'm guessing you're talking about a
C library provided by the database vendor) do the escaping certainly makes a
lot of sense. However, it would still be possible to make sure that the
*number* of parameters supplied matches the number of placeholders in the
query string. That would make sense, don't you think?

Tom

_______________________________________________
Haskell-Cafe mailing list
Haskell-Cafe@haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe
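
The check proposed in the message above, sketched as an added example that is not part of the original thread or of any driver's code: count the placeholders in the query text, compare with the number of supplied parameters, and only then hand both, still separate, to the low-level interface. The names `countPlaceholders` and `checkArity` are hypothetical, and the sketch assumes `?` placeholders, SQL-standard quote doubling, and `--` and non-nested `/* */` comments.

```haskell
-- Added example: arity check done in the driver before the query and its
-- parameters are handed, still separate, to the low-level interface.
-- Assumptions: '?' placeholders, SQL-standard quoting ('' and "" doubling),
-- "--" line comments and non-nested "/* */" block comments.
module Main where

-- | Count '?' placeholders outside literals, quoted identifiers and comments.
countPlaceholders :: String -> Int
countPlaceholders = go 0
  where
    go n []               = n
    go n ('\'' : cs)      = go n (skipQuoted '\'' cs)
    go n ('"' : cs)       = go n (skipQuoted '"' cs)
    go n ('-' : '-' : cs) = go n (dropWhile (/= '\n') cs)
    go n ('/' : '*' : cs) = go n (skipBlock cs)
    go n ('?' : cs)       = go (n + 1) cs
    go n (_ : cs)         = go n cs

    -- Skip to the closing quote; a doubled quote is an escaped quote.
    skipQuoted q (c : d : cs)
      | c == q && d == q = skipQuoted q cs
    skipQuoted q (c : cs)
      | c == q    = cs
      | otherwise = skipQuoted q cs
    skipQuoted _ [] = []

    skipBlock ('*' : '/' : cs) = cs
    skipBlock (_ : cs)         = skipBlock cs
    skipBlock []               = []

-- | Hypothetical driver-side guard: Left on mismatch, otherwise the query and
-- parameters unchanged, to be bound by the low-level interface.
checkArity :: String -> [p] -> Either String (String, [p])
checkArity sql params
  | expected == supplied = Right (sql, params)
  | otherwise = Left ("query has " ++ show expected ++ " placeholder(s), "
                      ++ show supplied ++ " parameter(s) supplied")
  where
    expected = countPlaceholders sql
    supplied = length params

main :: IO ()
main = mapM_ (print . uncurry checkArity)
  [ ("SELECT name FROM users WHERE id = ? AND note <> 'why?'", ["42"])  -- constructed
  , ("SELECT name FROM users WHERE id = ? AND org = ?", ["42"])         -- constructed
  , ("SELECT 'it''s ?' /* ? */ FROM t -- ?\n WHERE a = ?", ["1", "2"]) -- constructed
  ]
```

The counter only decides whether to reject the call; it never rewrites the query, so escaping and binding stay with the low-level interface. A real driver would need the quoting and comment rules of its specific database.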