This file is indexed.

/usr/share/gtk-doc/html/libgda-5.0/ch06s03.html is in libgda-5.0-doc 5.2.4-1ubuntu1.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Executing queries: GNOME Data Access 5 manual</title>
<meta name="generator" content="DocBook XSL Stylesheets V1.79.1">
<link rel="home" href="index.html" title="GNOME Data Access 5 manual">
<link rel="up" href="getting_started.html" title="Code examples">
<link rel="prev" href="connections.html" title="Connecting">
<link rel="next" href="data-model.html" title="Managing data models">
<meta name="generator" content="GTK-Doc V1.25 (XML mode)">
<link rel="stylesheet" href="style.css" type="text/css">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
<table class="navigation" id="top" width="100%" summary="Navigation header" cellpadding="2" cellspacing="5"><tr valign="middle">
<td width="100%" align="left" class="shortcuts"></td>
<td><a accesskey="h" href="index.html"><img src="home.png" width="16" height="16" border="0" alt="Home"></a></td>
<td><a accesskey="u" href="getting_started.html"><img src="up.png" width="16" height="16" border="0" alt="Up"></a></td>
<td><a accesskey="p" href="connections.html"><img src="left.png" width="16" height="16" border="0" alt="Prev"></a></td>
<td><a accesskey="n" href="data-model.html"><img src="right.png" width="16" height="16" border="0" alt="Next"></a></td>
</tr></table>
<div class="sect1">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id-1.2.7.4"></a>Executing queries</h2></div></div></div>
<p>
      Any query within <span class="application">Libgda</span> is represented as a <a class="link" href="GdaStatement.html" title="GdaStatement">GdaStatement</a> object. Each 
      <a class="link" href="GdaStatement.html" title="GdaStatement">GdaStatement</a> object can store exactly one SQL statement (SQL statements
      are generally separated by semi-colons). Several statements can be grouped into a 
      <a class="link" href="GdaBatch.html" title="GdaBatch">GdaBatch</a> object.
    </p>
<p>
      <span class="application">Libgda</span> can execute any SQL understood by the database to which a connection is opened, even SQL code containing
      extensions specific to a database.
    </p>
<p>
      When creating an SQL string which contains values (literals), one can be tempted (as it is the easiest solution) to
      create a string containing the values themselves, execute that statement and apply the same process the next time the same
      statement needs to be executed with different values. This approach has two major flaws outlined below which is why <span class="application">Libgda</span>
      recommends using variables in statements (also known as parameters or place holders) and reusing the same
      <a class="link" href="GdaStatement.html" title="GdaStatement">GdaStatement</a> object when only the variable's values change. The flaws are:
      </p>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem"><p>The performances of the resulting application are not optimized because the database needs to parse the SQL
	    string each time and build its own internal representation of the statement, execute the statement using its 
	    internal representation, then discard that internal representation. Using variables and reusing the same statement,
	    the database only parses once the SQL statement, builds its internal representation, and reuses it every time
	    the statement is executed.
	  </p></li>
<li class="listitem"><p>Literals in SQL strings are an open invitation to SQL injection problems. Using variables prevents SQL injection.
	  </p></li>
</ul></div>
<p>
    </p>
<p>
      Because each database has its own way of representing variables in an SQL string, and because those ways of representing
      variables don't contain enough information (it is usually impossible to specify the expected type for a variable for example)
      <span class="application">Libgda</span> has defined a standard way of defining them, and translates it into the syntax understood by the database when
      needed. For more information about that syntax, see the <a class="link" href="GdaSqlParser.html#GdaSqlParser.description" title="Description">GdaSqlParser's object description</a>.
    </p>
<p>
      GdaStatement objects can be created by:
      </p>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem"><p>parsing SQL code using <a class="link" href="GdaSqlParser.html#gda-sql-parser-parse-string" title="gda_sql_parser_parse_string ()">gda_sql_parser_parse_string ()</a>
	  from a <a class="link" href="GdaSqlParser.html" title="GdaSqlParser">GdaSqlParser</a> object.</p></li>
<li class="listitem"><p>building a <a class="link" href="libgda-5.0-GdaSqlStatement.html#GdaSqlStatement" title="GdaSqlStatement">GdaSqlStatement</a> structure and creating 
	  a <a class="link" href="GdaStatement.html" title="GdaStatement">GdaStatement</a> object around that structure. This method requires more
	  knowledge but is more portable across databases</p></li>
</ul></div>
<p>
    </p>
<p>
      Executing a statement is a matter of calling 
      <a class="link" href="GdaConnection.html#gda-connection-statement-execute" title="gda_connection_statement_execute ()">gda_connection_statement_execute ()</a> or one of its simplified
      versions if the nature of the statement (SELECT or not) is known.
    </p>
<p>
      The following example shows how to use a GdaStatement to list the details of some data while making a variable
      (named "the_id") vary from 0 to 9 (for simplicity, error checking has been removed):
      </p>
<pre class="programlisting">
GdaConnection *cnc;
GdaSqlParser *parser;
GdaStatement *stmt;
GdaSet *params;
GdaHolder *p;
GValue *value;
gint i;

cnc = ...;

[...]

stmt = gda_sql_parser_parse_string (parser, "SELECT * FROM customers WHERE id=##the_id::gint", NULL, NULL);
gda_statement_get_parameters (stmt, &amp;params, NULL);

p = gda_set_get_holder (params, "the_id");
value = gda_value_new (G_TYPE_INT);
for (i = 0; i &lt; 10; i++) {
	GdaDataModel *res;
	g_value_set_int (value, i);
	gda_holder_set_value (p, value);
	res = gda_connection_statement_execute_select (cnc, stmt, params, NULL);
	gda_data_model_dump (res, stdout);
	g_object_unref (res);
}
g_object_unref (params);
g_object_unref (stmt);
      </pre>
<p>
    </p>
</div>
<div class="footer">
<hr>Generated by GTK-Doc V1.25</div>
</body>
</html>