This repository has been archived by the owner on Feb 22, 2019. It is now read-only.

Auto-escape input in CQL queries #36

Closed
ctavan opened this issue Apr 12, 2012 · 4 comments

@ctavan
Contributor

ctavan commented Apr 12, 2012

It would be nice to be able to write CQL queries like

conn.cql('UPDATE users SET name = ?, age = ?, hometown = ? WHERE id = ?', ['Chris', 54, 'NYC', 100]);

Which should be translated to the following CQL string by the driver:

UPDATE users SET name = 'Chris', age = 54, hometown = 'NYC' WHERE id = 100

To make things simpler we could also just put single quotes around any unquoted placeholder.

@devdazed
Contributor

So strings will be quoted but numbers not? I'm not sure how doing this without a RegEx is possible. I would like to refrain from using RegExes as much as possible, as they severely hinder performance, and I believe we already have 2 in the CQL pipeline.

As a side note, this may be able to be added to the cqlEscape method's RegEx to add the quotes. Not sure, though.

@ctavan
Contributor Author

ctavan commented Apr 12, 2012

I like the way it is done in node-mysql and I would quote everything (numbers and strings). Maybe we can even forbid manual quoting in some future release?

If performance becomes a problem: CQL 3 has prepared CQL statements where the CQL statement including placeholders is stored server side and only the values are sent with each request.

@devdazed
Contributor

Do you think the driver should automatically prepare statements it sees, maybe storing them under the md5 of the statement with placeholders? This way we could gain a performance boost for users without them having to specifically prepare a statement ahead of time.

@ctavan
Contributor Author

ctavan commented Apr 12, 2012

Hmm, I wouldn't make the driver use the prepared statement feature of Cassandra without explicit user action. I just wanted to say that CQL3 prepared queries are the way to go if you are really worried about performance.

Your md5 idea is nice, but we should probably benchmark md5 creation vs. regex replace to see if we can really gain performance with that.
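The placeholder substitution requested in the opening post, and the quoting question raised in the replies, as an added example that is not part of this thread or of the driver's code base. It is a stand-alone JavaScript function (the names `formatCql` and `escapeValue` are assumptions, not driver API): strings are wrapped in single quotes with any embedded quote doubled, numbers and booleans are emitted bare, and anything else is rejected rather than silently stringified. It also walks the query character by character instead of splitting on `?`, so a `?` inside an existing quoted literal is left alone, and it refuses a parameter count that does not match the placeholder count.

```javascript
// Added example, not the driver's own implementation.
// Render one parameter as a CQL literal. Only the doubled single quote is
// used for escaping, which is the CQL rule for string literals.
function escapeValue(value) {
  if (value === null || value === undefined) {
    throw new TypeError('null/undefined parameters are not supported');
  }
  if (typeof value === 'number') {
    if (!Number.isFinite(value)) throw new TypeError('non-finite number');
    return String(value);                  // 54 -> 54
  }
  if (typeof value === 'boolean') {
    return value ? 'true' : 'false';
  }
  if (typeof value === 'string') {
    return "'" + value.replace(/'/g, "''") + "'"; // O'Brien -> 'O''Brien'
  }
  // Objects, arrays, functions etc. never get interpolated implicitly.
  throw new TypeError('unsupported parameter type: ' + typeof value);
}

// Replace each `?` placeholder outside of quoted literals with the escaped
// value from `params`, in order. Placeholder and parameter counts must match.
function formatCql(query, params) {
  let out = '';
  let inString = false;   // true while scanning inside a '...' literal
  let next = 0;           // index of the next parameter to consume

  for (let i = 0; i < query.length; i++) {
    const ch = query[i];
    if (ch === "'") {
      // A doubled quote inside a literal is an escaped quote, not its end.
      if (inString && query[i + 1] === "'") {
        out += "''";
        i++;
        continue;
      }
      inString = !inString;
      out += ch;
      continue;
    }
    if (ch === '?' && !inString) {
      if (next >= params.length) {
        throw new Error('more placeholders than parameters');
      }
      out += escapeValue(params[next++]);
      continue;
    }
    out += ch;
  }

  if (inString) throw new Error('unterminated string literal in query');
  if (next !== params.length) throw new Error('more parameters than placeholders');
  return out;
}

module.exports = { escapeValue, formatCql };
```

With the query from the opening post, `formatCql('UPDATE users SET name = ?, age = ?, hometown = ? WHERE id = ?', ['Chris', 54, 'NYC', 100])` yields exactly the string shown there. If, as suggested in the replies, numbers should be quoted as well, the `typeof value === 'number'` branch is the only place that needs to change. A hostile string such as `O'Brien' OR '1'='1` comes out as one literal, `'O''Brien'' OR ''1''=''1'`, rather than as extra clauses.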
