{ "id": "110114", "key": "ALOY-535", "fields": { "issuetype": { "id": "4", "description": "An improvement or enhancement to an existing feature or task.", "name": "Improvement", "subtask": false }, "project": { "id": "11113", "key": "ALOY", "name": "Alloy", "projectCategory": { "id": "10400", "description": "Tools for developing applications", "name": "Tooling" } }, "fixVersions": [ { "id": "15271", "description": "Alloy 1.1.0, concurrent with SDK 3.1.0", "name": "Alloy 1.1.0", "archived": false, "released": true, "releaseDate": "2013-04-16" }, { "id": "14874", "description": "2013 Sprint 05", "name": "2013 Sprint 05", "archived": true, "released": true, "releaseDate": "2013-03-11" } ], "resolution": { "id": "1", "description": "A fix for this issue is checked into the tree and tested.", "name": "Fixed" }, "resolutiondate": "2013-02-25T22:19:45.000+0000", "created": "2013-02-25T15:06:25.000+0000", "priority": { "name": "High", "id": "2" }, "labels": [ "api" ], "versions": [ { "id": "15170", "description": "Alloy 1.0.3", "name": "Alloy 1.0.3", "archived": false, "released": true, "releaseDate": "2013-03-22" } ], "issuelinks": [], "assignee": { "name": "tlukasavage", "key": "tlukasavage", "displayName": "Tony Lukasavage", "active": true, "timeZone": "America/Los_Angeles" }, "updated": "2013-04-09T19:33:25.000+0000", "status": { "description": "The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.", "name": "Closed", "id": "6", "statusCategory": { "id": 3, "key": "done", "colorName": "green", "name": "Done" } }, "components": [ { "id": "12329", "name": "Runtime", "description": "Generic bucket for uncategorized runtime issues" } ], "description": "h2. update (2/25/2013)\r\n\r\nThe new syntax will be, allowing for the existing syntax as well as allowing for a prepared statement to be defined with an object.\r\n\r\n{code:javascript}\r\n// plain query\r\ncollection.fetch({\r\n    query: 'select * from some_table where column1 = \"somevalue\"'\r\n});\r\n\r\n// prepared statement\r\ncollection.fetch({\r\n    query: {\r\n        statement: 'select * from some_table where column1 = ?',\r\n        params: [values]\r\n    }\r\n});\r\n{code}\r\n\r\nh2. original\r\n\r\nCurrently there is no support for prepared statements. The only way to make an SQL statement with parameters is to have code insert the parameters. This is a security risk, a bad practice, and reflects poorly on Alloy models as a whole.\r\n\r\nCurrently I have to: \r\n\r\ncollection.fetch({query: \"select * from some_table where column1 = '\" + value + \"'\");\r\n\r\nIdeally I would like to:\r\n\r\ncollection.fetch({query: \"select * from some_table where column1 = ?\" + params: [value]});\r\n\r\nAssuming this uses the Ti.Database.execute() in the background, this should be a small change as the execute() method already supports this.", "attachment": [], "flagged": false, "summary": "Need support for prepared statements", "creator": { "name": "twilkinson", "key": "twilkinson", "displayName": "Thomas Wilkinson", "active": true, "timeZone": "America/Chicago" }, "subtasks": [], "reporter": { "name": "twilkinson", "key": "twilkinson", "displayName": "Thomas Wilkinson", "active": true, "timeZone": "America/Chicago" }, "environment": "All environments", "comment": { "comments": [ { "id": "239715", "author": { "name": "tlukasavage", "key": "tlukasavage", "displayName": "Tony Lukasavage", "active": true, "timeZone": "America/Los_Angeles" }, "body": "The proposed syntax doesn't make much sense, in that it's using inline concatenation of arguments, making it look like some kind of string:\n\n{code:javascript}\ncollection.fetch({\n query: \"select * from some_table where column1 = ?\" + params: [value]\n});\n{code}\n\nI'm assuming you meant something like this:\n\n{code:javascript}\ncollection.fetch({\n query: \"select * from some_table where column1 = ?\",\n params: [value]\n});\n{code}\n\nI like the idea of keeping the query and args contained in a single property of the fetch object though, to keep them clearly coupled as fetch can have other arguments:\n\n{code:javascript}\ncollection.fetch({\n query: {\n statement: \"select * from some_table where column1 = ?\",\n params: [values]\n }\n});\n{code}", "updateAuthor": { "name": "tlukasavage", "key": "tlukasavage", "displayName": "Tony Lukasavage", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2013-02-25T21:39:23.000+0000", "updated": "2013-02-25T21:39:23.000+0000" }, { "id": "239716", "author": { "name": "twilkinson", "key": "twilkinson", "displayName": "Thomas Wilkinson", "active": true, "timeZone": "America/Chicago" }, "body": "You're correct in your assumption, I intended a comma instead of a plus sign. However, I do like your proposal better. Thank you.", "updateAuthor": { "name": "twilkinson", "key": "twilkinson", "displayName": "Thomas Wilkinson", "active": true, "timeZone": "America/Chicago" }, "created": "2013-02-25T21:42:10.000+0000", "updated": "2013-02-25T21:42:10.000+0000" }, { "id": "246709", "author": { "name": "fcasali", "key": "fcasali", "displayName": "Federico Casali", "active": true, "timeZone": "America/Los_Angeles" }, "body": "Sample code available in https://github.com/appcelerator/alloy/tree/1_1_X/test/apps/models/sql_queries\n\nVerified as fixed.\n\nAlloy: 1.1.0-cr\nCLI version: 3.1.0-cr\nTiSDK: 3.1.0.v20130408154547\n\nClosing.", "updateAuthor": { "name": "fcasali", "key": "fcasali", "displayName": "Federico Casali", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2013-04-09T19:33:18.000+0000", "updated": "2013-04-09T19:33:18.000+0000" } ], "maxResults": 3, "total": 3, "startAt": 0 } } }