[Laszlo-dev] For your review: Laszlo Database API spec version 1.1
Max Carlson
max at laszlosystems.com
Fri Nov 4 16:38:39 PST 2005
Geert Bevin wrote:
> Hi Max,
>
> I'm still wondering why you put SQL inside the model. If you only
> declare abstract methods with arguments, what use it is to have SQL
> attached to it?
There are now two types of methods - native and SQL. The SQL in SQL
methods is literally used for the WHERE clause for SQL methods
statements to provide record-level access. The client doesn't have any
way to access this SQL - it can only send arguments for methods,
regardless of if those methods are type native or SQL.
> I also have another remark, I think you should formalize the types that
> are supported for the fields and standardize again on a standard set
> for this and reduce the DB-specific types (like text for example). Some
> material:
> http://java.sun.com/j2se/1.5.0/docs/guide/jdbc/getstart/mapping.html
> http://www.faqs.org/docs/ppbook/x2632.htm
Good point. We'll need to do this for the client-side implementation.
In the end, types will need to be coerced by the client, depending on
what types are supported by the runtime.
If we can assume the client is always JavaScript/ECMAscript, doing it on
all on the server makes sense. If we want to support other client
languages (I think we do), then this will have issues, e.g. ECMA only
has number, but Java has float and int. It does make sense to
standardize on the server though, to cut client-side mapping work down.
I'll think about this...
> I also have trouble of seeing why Callbacks should be specified in the
> spec. Isn't that totally server-side?
Yes - it is totally server side. The spec is all server-side. The
client-side portion still needs to be written up and built...
> About protection against SQL injection, isn't it possible to handle
> this transparently on the server-side?
Absolutely - it's always important to call out though.
Thanks again!
Regards,
Max Carlson
OpenLazlo
More information about the Laszlo-dev
mailing list