[R-sig-DB] SQL escaping/quoting proposal

Hadley Wickham
Sat Oct 19 17:40:06 CEST 2013


I've cleaned up the examples and made them work and put the results in
https://gist.github.com/hadley/7057387 - that should make discussion a
bit more concrete.

> Could you provide a bit more clarification on what sqlQuoteIdentifier should do?
> How shall we deal with the case where a vector of strings is passed?
>   Is it right to assume that sqlQuoteIdentifier(drv, c('a', 'b')) should
>   return a vector consisting of the quoted results of the individual elements of the vector?

Yes, I think that makes the most sense.

> How do we construct a reference to a table with a schema, or a column with a table?
> e.g. schema.table or table.column?
>   More specifically, is it right to assume that sqlQuoteIdentifier is used for constructing
>   the individual parts of the composite identifier?

I think that would be up to the individual function author: you could
assume that if a vector was passed then you should quote then
concatenate together with ".".  Or you could assume that for more
complicated references the user had already flagged that the input
should not be escaped with sql().

> You had a minor mistake in showing the default method (The name is both "sqlQuoteString",
> and I am not sure which is intended for sqlQuoteIdentifier).

Fixed.

> Another consideration is the name of the function: whether we should
> use the sql prefix or the db prefix.  I would like to know what others think on this point.

I'm pretty sure it should be db to be consistent with the rest of the
package. (And I've also added dbFetch as an alias since fetch is the
_only_ function in DBI without the db prefix)

> Here, I think we can avoid the problem in most cases, but there are still a few
> cases where the encoding does not allow proper conversion.
> That's a problem of the database's capability; there is not much that
> the driver can do, though.

Right, we can only support what the db can.

The quoting function could also throw an error if it was not possible
to quote the input in a safe way for the database.

Hadley


-- 
Chief Scientist, RStudio
http://had.co.nz/
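
The semantics discussed in this message (element-wise quoting of a vector, a sql() marker for input that must not be escaped again, joining the parts of a composite reference with ".", and an error when input cannot be quoted safely), as an added R sketch that is not taken from the gist or from DBI. Apart from sql(), every function name below is hypothetical, and ANSI quoting rules (doubled quote characters, no backslash escapes) are assumed.

```r
# Added sketch; quote_identifier(), quote_string() and quote_reference()
# are hypothetical names, not DBI's API. ANSI quoting rules are assumed.

# Mark text as SQL that is already safe, so the helpers pass it through.
sql <- function(x) structure(as.character(x), class = c("sql", "character"))
is_sql <- function(x) inherits(x, "sql")

# Quote each element as an identifier: wrap in double quotes and double
# any embedded double quote. Vectorised: one quoted result per element.
quote_identifier <- function(x) {
  if (is_sql(x)) return(x)
  x <- as.character(x)
  if (anyNA(x) || any(!nzchar(x))) {
    # Refuse input that has no safe quoted form instead of guessing.
    stop("cannot quote NA or empty identifier safely", call. = FALSE)
  }
  sql(paste0('"', gsub('"', '""', x, fixed = TRUE), '"'))
}

# Quote each element as a string literal (single quotes doubled).
# NA becomes SQL NULL.
quote_string <- function(x) {
  if (is_sql(x)) return(x)
  x <- as.character(x)
  out <- paste0("'", gsub("'", "''", x, fixed = TRUE), "'")
  out[is.na(x)] <- "NULL"
  sql(out)
}

# One of the two conventions from the thread: a character vector is the
# parts of one composite reference, quoted separately and joined by ".".
# Input already flagged with sql() is returned untouched.
quote_reference <- function(parts) {
  if (is_sql(parts)) return(parts)
  sql(paste(quote_identifier(parts), collapse = "."))
}

# Constructed inputs
print(unclass(quote_identifier(c("a", "b"))))
print(unclass(quote_reference(c("my schema", 'odd"table'))))
print(unclass(quote_reference(sql("main.t1"))))
print(paste0("SELECT * FROM ", quote_reference(c("main", "t")),
             " WHERE ", quote_identifier("name"),
             " = ", quote_string("O'Brien")))
print(inherits(try(quote_identifier(NA_character_), silent = TRUE), "try-error"))
```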



