[vtk-developers] Another SQL database issue

David C Thompson dcthomp at sandia.gov
Mon Mar 31 16:30:12 EDT 2008

Hi all,

Another issue I've run into with vtkSQLDatabase and vtkSQLQuery is that
of escaping strings. Both PostgreSQL and MySQL provide C functions to
escape strings so that quotes and other special characters are not
misinterpreted when included in an SQL query. It would be nice to
include a generic function to escape strings but there are a few issues
and so I would like to get opinions before implementing anything:

1. A method on vtkSQLQuery to escape strings is really necessary, but
it's not clear what the signature should be. For C++, it would be useful
to have
  class vtkSQLQuery {
    vtkStdString EscapeString( vtkStdString& src );
but this cannot be wrapped. Unfortunately, a signature like this:
  class vtkSQLQuery {
    char* EscapeString( const char* src );
would either require the called to delete the returned string (tedious)
or to copy the results before calling EscapeString a second time (since
storage for the output would be owned by the class and overwritten with
each call). Should both methods be included?

(Note that these methods cannot be static since MySQL and PostgreSQL
escape strings differently depending on the default character set of a

2. Some database backends (sqlite, ODBC?, QtSQL) don't provide a way to
escape strings.

3. MySQL and PostgreSQL have different quotation conventions. In MySQL
the convention is to surround text column data with double-quotes while
PostgreSQL (and other ANSI SQLs) use single quotes.So, the question is:
should there be a method (EscapeString or a separate method such as
QuoteText) that adds enclosing quotes as well as escapes the text placed

Any thoughts? If I don't get feedback, I'll
1. Implement both signatures
2. Provide a default, do-nothing implementation
3. Include a separate method (QuoteText) that both escapes strings and
adds enclosing quote marks as required.


More information about the vtk-developers mailing list