in reply to RFC: DBIx::Library

The first thing I thought when I saw this was "deja vu!" ;) You should really have a section near the top of the POD explaining what distinguishes your module from other similar ones. I just did a quick search and found DBIx::Librarian, SQL::Catalog, and SQL::Library on CPAN. There are most certainly others. The differences among all of them aren't obvious to me as I've never used any modules like this, and I think a section of the POD addressing this would help potential users who are shopping for a module.

I do think I like your interface at first glance. It's fairly concise. But I really don't like the syntax needed for: 

# select $$what$$ from offices'

$sql->offices(what => "`address`, `address2`, `city`, `state`");

[download]
I think having the module do all the ugly quoting instead would be a little cleaner: 
# select $$what$$ from offices

$sql->offices(what => [ qw/address address2 city state/ ]);

[download]
I also don't see any mention of mixing DBI placeholders with your $$foo$$ placeholders. Can I have a query like this: 
# select $$what$$ from offices where office_id=?

$sql->offices(what => [qw/name city/])->do($office_id);

[download]
From a skim of the code, it looks as though this is possible -- perhaps an example in the POD is in order, since losing DBI placeholder functionality would be scary.

And speaking of placeholders, have you given thought to the quoting of your $$foo$$ placeholders? If they quoted, I could use your module to do named placeholders as a complete replacement for DBI's positional placeholders (native RDBMS placeholder performance aside). Maybe you could even use different delimiters to specify different quoting rules (like the backtick-quoted column names above, single-quoted data like DBI placeholders, and non-quoted things like LIMIT clauses). I don't want to give your small module featuritis, but it's some food for thought.

$POD =~ s/quries/queries/

blokhead

Replies are listed 'Best First'.
Re^2: RFC: DBIx::Library
by eric256 (Parson) on Oct 13, 2004 at 18:24 UTC

    Thanks for the input.

    I will add a pod section setting it apart.

    The ugly quoting was a thing for me two, but I hadn't run into it yet in my production environment so it hasn't been added. I'm thinking that if you send an arrayref it quotes and commas it for you to simplify that.

    The placehold scheme it uses is completly independent of the ? scheme. ? is for run time replacements, and this module does.. pre-run replacements? Usefull for actualy changing the sql itslef if you have two sql statments that are 90% the same now you can make all the common parts one entry and use a $$ place holder to insert the extra sql.

    Off to do my homework on those other modules and add an explanation why make this when there is already a wheel.


    ___________
    Eric Hodges
[reply]
      I'm not sure you understand how important it is to use either placeholders or the DBI quote() method. If you don't do this, you are wide open to SQL-injection attacks.
[reply]

        You don't understand how the replacements are meant to be used. The $$ replacements are not ?. I know that. They are for cases where you want a general piece of SQL that will always be the same, a big set of joins or a complex where, but other parts like limit or the feilds might change. In those cases ? would do you no good. Here on the other hand you can now use the $$ to substitute in actual SQL. $$ would always be done by the actual code, unlike ? that would normaly be user supplied (and untainted) data.

        On review I see how maybe that distinction is not clear from the POD. /me wanders off to find a home for it in the POD. Thanks for the feedback.

        ___________
        Eric Hodges
[reply]

In Section Meditations