Using the result of a comma expression is deprecated

Erik van Velzen via Digitalmars-d-learn digitalmars-d-learn at puremagic.com
Sun Nov 27 04:22:14 PST 2016


On Sunday, 27 November 2016 at 12:13:03 UTC, Nicholas Wilson 
wrote:
> On Sunday, 27 November 2016 at 11:49:25 UTC, Suliman wrote:
>> On Sunday, 27 November 2016 at 11:21:58 UTC, drug007 wrote:
>>
>> 	void dbInsert(string login, string uploading_date, string 
>> geometry_type, string data)
>> 	{
>> 	
>> 	    Statement stmt = conn.createStatement();
>> 		string sqlinsert = (`INSERT INTO usersshapes (userlogin, 
>> uploading_date, geometry_type, data) VALUES ('%s', '%s', '%s', 
>> '%s') `, login, uploading_date, geometry_type, data);
>> 		stmt.executeUpdate(sqlinsert);
>> 		scope(exit) stmt.close(); // closing
>> 	}
>>
>> full code.
>
> Looks like you forgot a call to format before the opening 
> parenthesis.
>
> should be:
> string sqlinsert = format(`INSERT INTO usersshapes (userlogin,
>  uploading_date, geometry_type, data) VALUES ('%s', '%s', '%s',
>  '%s') `, login, uploading_date, geometry_type, data);
>
> because what ends up happening is :
>     string sqlinsert = data;
> which is almost certainly not what you want.

As an aside, for security reasons you should use a prepared 
statement.

Also, this is a decent use case for scope(exit) but it should be 
put earlier in the function.
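
The two suggestions above, combined in an added example that is not part of the original message or thread: the insert uses a prepared statement with `?` placeholders, and `scope(exit)` is registered immediately after each resource is acquired. It assumes the thread's `conn` comes from the ddbc library (the page does not name the library) and uses ddbc's in-memory SQLite URL; the `Connection` parameter, the table definition and the sample values are constructed for illustration.

```d
// Added example; assumes the ddbc dub package with its SQLite driver enabled.
import std.stdio : writeln;
import ddbc;

void dbInsert(Connection conn, string login, string uploading_date,
              string geometry_type, string data)
{
    // The SQL text is fixed; values travel separately as bound parameters,
    // so quotes inside them cannot alter the statement.
    PreparedStatement stmt = conn.prepareStatement(
        `INSERT INTO usersshapes (userlogin, uploading_date, geometry_type, data)
         VALUES (?, ?, ?, ?)`);
    scope(exit) stmt.close(); // registered right after acquisition

    stmt.setString(1, login);
    stmt.setString(2, uploading_date);
    stmt.setString(3, geometry_type);
    stmt.setString(4, data);
    stmt.executeUpdate();
}

void main()
{
    // Constructed in-memory database so the example needs no server.
    Connection conn = createConnection("sqlite::memory:");
    scope(exit) conn.close();

    Statement st = conn.createStatement();
    scope(exit) st.close();
    st.executeUpdate(`CREATE TABLE usersshapes (userlogin TEXT,
        uploading_date TEXT, geometry_type TEXT, data TEXT)`);

    // Constructed value containing single quotes: with format() and '%s'
    // the first quote would end the SQL string literal early.
    dbInsert(conn, "alice", "2016-11-27", "Polygon",
             `{"name": "O'Brien's field"}`);

    ResultSet rs = st.executeQuery("SELECT data FROM usersshapes");
    scope(exit) rs.close();
    while (rs.next())
        writeln(rs.getString(1)); // the value is stored byte for byte
}
```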

