From CommonJS Spec Wiki
Jump to: navigation, search

About placeholders: we could use a second parameter in the query method to send values for sanitizing, like: db.query(sql,values) so we could have two constructors, one for plain sql with embedded values, the other with parametrized and sanitizable values.

db.query("select * from customers where id=123")


db.query("select * from customers where id=?id",{id:123})

About resultsets: I believe sending column names in every row is a waste of bytes, we are already defining them in the meta section of the set, so no need to repeat them. Unless you want named objects in the result set for better manipulation like instead of customer[1] but we should give the coder the option to save bytes, specially for large resultsets over the wire.

Proposal: a setting to indicate if the resultset will be an object of objects (with meta) or a 2d array, like db.resultType=db.typeObject or db.typeArray

resultset should be less redundant

 rs = {
 ...] }

colname should not repeated in result set json,only values will be transferd.

then define a wrapper like jQuery to simplify the operation.

for example:

var wrs = new RS(rs);
wrs.eachRow(function(i,row) {

use stored procedure to output result set rather than submit sql

submit sql text to rdbms has some faults 1. sql injection, it's dangerous 2. sql paring and optimizition has more overhead 3. js embed with sql is ugly 4. sql in js is prone to error

If we use stored procedure(oracle's plsql for example), all the problom will disapper In db, we develope json output API to simplify the stored procedure to gen json result set, js can use http/dbapi to get the result set. For oracle who support xmldb, provide http access to db, it's simple to use js's http client module to get the json result set. And it's much faster and safer. And it's much easy to code with IDE such as pl/sql developer

for RDBMS that don't support http access,we can build a http proxy using java|ruby|... what support access to db and also support http service, that http proxy will help to execute the rdbms's store procedure and get the result.

so we'ill never code sql in js, that's ugly. for data, it's better to use IDE specially for sql/sp/data coding.

I'v allready use oracle's plsql to gen json, and use oracle xdb http server to privide access point.It works well.