SQL escaping/quoting proposal
I've cleaned up the examples and made them work and put the results in https://gist.github.com/hadley/7057387 - that should make discussion a bit more concrete.
Could you provide a bit more clarification on what the sqlQuoteIdentifier should do?
How shall we deal when a vector of strings is passed?
Is it right to assume that sqlQuoteIdentifier(drv, c('a', 'b')) should
return a vector consisting of quoted results of individual element of the vector?
Yes, I think that makes the most sense.
How do we construct a reference to table with schema, or column with table? eg schema.table or table.column? More specifically, is it right to assume that sqlQuoteIdentifier is used for constructing individual part of the composite identifier?
I think that would be up to the individual function author: you could assume that if a vector was passed then you should quote then concatenate together with ".". Or you could assume that for more complicated references the user had already flagged that the input should not be escaped with sql().
You had a minor mistake in showing the default method (The name is both "sqlQuoteString", and I am not sure which is intended for sqlQuoteIdentifier).
Fixed.
Another consideration is for the name of the function. Whether we should use sql prefix or use db prefix. I would like to know what others think for this point.
I'm pretty sure it should be db to be consistent with the rest of the package. (And I've also added dbFetch as an alias since fetch is the _only_ function in DBI without the db prefix)
Here, I think we can avoid problem in most cases, but there are still a bit cases where the encoding does not allow proper conversion. That's the problem of the database capability, there is not much things that the driver can do, though.
Right, we can only support what the db can. The quoting function could also throw an error if it was not possible to quote the input in a safe way for the database. Hadley
Chief Scientist, RStudio http://had.co.nz/