Using the result of a comma expression is deprecated
Erik van Velzen via Digitalmars-d-learn
digitalmars-d-learn at puremagic.com
Sun Nov 27 04:22:14 PST 2016
On Sunday, 27 November 2016 at 12:13:03 UTC, Nicholas Wilson
wrote:
> On Sunday, 27 November 2016 at 11:49:25 UTC, Suliman wrote:
>> On Sunday, 27 November 2016 at 11:21:58 UTC, drug007 wrote:
>>
>> void dbInsert(string login, string uploading_date, string
>> geometry_type, string data)
>> {
>>
>> Statement stmt = conn.createStatement();
>> string sqlinsert = (`INSERT INTO usersshapes (userlogin,
>> uploading_date, geometry_type, data) VALUES ('%s', '%s', '%s',
>> '%s') `, login, uploading_date, geometry_type, data);
>> stmt.executeUpdate(sqlinsert);
>> scope(exit) stmt.close(); // closing
>> }
>>
>> full code.
>
> Looks like you forgot a call to format before the opening
> parenthesis.
>
> should be:
> string sqlinsert = format(`INSERT INTO usersshapes (userlogin,
> uploading_date, geometry_type, data) VALUES ('%s', '%s', '%s',
> '%s') `, login, uploading_date, geometry_type, data);
>
> because what ends up happening is :
> string sqlinsert = data;
> which is almost certainly not what you want.
As an aside, for security reasons you should use a prepared
statement.
Also, this is a decent usecase for scope(exit) but it should be
put earlier in the function.
More information about the Digitalmars-d-learn
mailing list