[] (0) Define how ? replacement works in sql statements better. Sugge…

…stions on making it EVEN better are welcome.

git-svn-id: http://svn.whatwg.org/webapps@1051 340c8d12-0b0e-0410-8428-c7bf67bfef74

index

@@ -22,7 +22,7 @@
 
    <h1 id=html-5>HTML 5</h1>
 
-   <h2 class="no-num no-toc" id=working>Working Draft &mdash; 11 October 2007</h2>
+   <h2 class="no-num no-toc" id=working>Working Draft &mdash; 12 October 2007</h2>
 
    <p>You can take part in this work. <a
     href="http://www.whatwg.org/mailing-list">Join the working group's
@@ -30179,14 +30179,19 @@ interface <dfn id=sqlcallback>SQLCallback</dfn> {
   <ol>
    <li>
     <p>The first argument to the method (<var title="">sqlStatement</var>)
-     must be interpreted as an SQL statement, replacing any <code
-     title="">?</code> placeholders in the statement with the values given in
-     the subsequent arguments (<var title="">arguments...</var>).</p>
-
-    <p>If the syntax of <var title="">sqlStatement</var> is not valid, or the
-     statement uses features that are not supported (e.g. due to security
-     reasons), then the the method must raise a <code>SYNTAX_ERR</code>
-     exception and abort these steps.</p>
+     must be interpreted as an SQL statement, with the exception that <code
+     title="">?</code> characters can be used in place of literals in the
+     statement.</p>
+
+    <p>The <code title="">?</code> placeholders, as the statement is
+     executed, must each take the value of their corresponding argument (from
+     <var title="">arguments...</var>, in the same order).</p>
+
+    <p>If the syntax of <var title="">sqlStatement</var> is not valid (except
+     for the use of <code title="">?</code> characters in the place of
+     literals), or the statement uses features that are not supported (e.g.
+     due to security reasons), then the the method must raise a
+     <code>SYNTAX_ERR</code> exception and abort these steps.</p>
 
     <p>If the number of <var title="">arguments...</var> is not equal to the
      number of <code title="">?</code> placeholders in the statement, then

source

@@ -27796,14 +27796,19 @@ interface <dfn>SQLCallback</dfn> {
 
     <p>The first argument to the method (<var
     title="">sqlStatement</var>) must be interpreted as an SQL
-    statement, replacing any <code title="">?</code> placeholders in
-    the statement with the values given in the subsequent arguments
-    (<var title="">arguments...</var>).</p>
-
-    <p>If the syntax of <var title="">sqlStatement</var> is not valid,
-    or the statement uses features that are not supported (e.g. due to
-    security reasons), then the the method must raise a
-    <code>SYNTAX_ERR</code> exception and abort these steps.</p>
+    statement, with the exception that <code title="">?</code>
+    characters can be used in place of literals in the statement.</p>
+
+    <p>The <code title="">?</code> placeholders, as the statement is
+    executed, must each take the value of their corresponding argument
+    (from <var title="">arguments...</var>, in the same order).</p>
+
+    <p>If the syntax of <var title="">sqlStatement</var> is not valid
+    (except for the use of <code title="">?</code> characters in the
+    place of literals), or the statement uses features that are not
+    supported (e.g. due to security reasons), then the the method must
+    raise a <code>SYNTAX_ERR</code> exception and abort these
+    steps.</p>
 
     <p>If the number of <var title="">arguments...</var> is not equal
     to the number of <code title="">?</code> placeholders in the