[cvsnt] Re: Help with Audit

Flávio Etrusco flavio.etrusco at gmail.com
Wed Feb 15 22:08:49 GMT 2006


> g_pDb->Execute("Insert Into %sCommitLog (SessionId, Directory,
> Message, Type, Filename, Tag, BugId, OldRev, NewRev, Added, Removed,
> Diff) Values (%lu, '%s', ? ,'%c','%s','%s','%s','%s','%s',%lu, %lu, ?
> )",g_szPrefix,g_nSessionId,NULLSTR(directory),change_list[n].type,
>  (...)
> Seems to me that the Message item is missing from the argument list
> (should be between directory and type). I really do not understand
> this strange syntax...

Actually, the only strange thing there is the StatementCall syntax ;-)
The '?' means the parameter is passed as a parameter, so we're not
vulnerable to an SQL injection bug :-)

> (I am doing ObjectPascal on a daily basis and that is rather much
> clearer).

Amen, brother!
I "hate" C++ also, that's the major reason I never contributed code to
cvsnt or Tortoise... :-(
However I do some C++ from time to time and currently my work consists
mostly of Java programming for some years now, I guess I'm almost
getting used to it...

-Flávio
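
The quoted statement mixes two mechanisms: Message and Diff go through '?' placeholders, while Directory, Filename and the rest are formatted into quoted literals. The sketch below is an added example, not cvsnt code, and contrasts the two using Python's sqlite3 with a reduced column set. The prefix value, function names and sample data are constructed, and it assumes the formatted values are not escaped first, which the quoted snippet does not show either way.

```python
import sqlite3

PREFIX = "audit_"  # stands in for g_szPrefix; constructed value

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute(
        f"Create Table {PREFIX}CommitLog (SessionId Integer, Directory Text, "
        "Message Text, Type Text, Filename Text, Diff Text)")
    return db

def log_mixed(db, session_id, directory, message, ctype, filename, diff):
    """Shape of the quoted statement: some values formatted into quoted
    literals, Message and Diff bound through '?'."""
    sql = ("Insert Into %sCommitLog (SessionId, Directory, Message, Type, "
           "Filename, Diff) Values (%d, '%s', ?, '%s', '%s', ?)"
           % (PREFIX, session_id, directory, ctype, filename))
    db.execute(sql, (message, diff))  # only the two '?' values are bound

def log_bound(db, session_id, directory, message, ctype, filename, diff):
    """Every value bound; only the configured table prefix is formatted in."""
    sql = (f"Insert Into {PREFIX}CommitLog (SessionId, Directory, Message, "
           "Type, Filename, Diff) Values (?, ?, ?, ?, ?, ?)")
    db.execute(sql, (session_id, directory, message, ctype, filename, diff))

def rows(db):
    return db.execute(
        f"Select Directory, Message From {PREFIX}CommitLog Order By rowid"
    ).fetchall()

def demo():
    db = open_db()
    msg = "Don't lose the user's 'quoted' text"  # constructed commit message
    # Quotes in the bound Message are stored verbatim.
    log_mixed(db, 1, "src/module", msg, "M", "a.c", "+x")
    try:
        # A quote in a formatted value ends the literal early: the data has
        # become part of the statement text and the statement no longer parses.
        log_mixed(db, 2, "vendor/o'brien", msg, "M", "b.c", "+y")
        mixed_ok = True
    except sqlite3.OperationalError:
        mixed_ok = False
    # The same directory is harmless once it is bound.
    log_bound(db, 3, "vendor/o'brien", msg, "M", "b.c", "+y")
    return mixed_ok, rows(db)

if __name__ == "__main__":
    print(demo())
```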


